VeriFone Secure Retail Payments

Payment Security Web Portal Brought to You by VeriFone

News

Please note: this is our news ARCHIVE. Click here to access our most recent news articles.

December 2010

Retailers Swipe at Credit-Card Plan – online.wsj.com – 12/31/10 – “The Credit Card Act signed into law last year was supposed to stop financial institutions from sleazy antics. But instead, some retailers say, it may restrict stay-at-home moms. Dress Barn Inc., Home Depot Inc., Citigroup Inc. and other companies are urging the Federal Reserve to drop a proposed rule that would require credit-card issuers to consider only a borrower's "independent" income rather than household income.”
HarborOne letter blames retailers for security breach – news.bostonherald.com – 12/30/10 – “Brockton’s HarborOne Credit Union has poked a hornet’s nest by urging customers whose Visa debit-card accounts were recently breached to lobby their congressmen to change laws so retailers will pay for replacing cards. The 15-branch HarborOne, which holds about $1.8 billion in assets, recently notified several hundred customers that their debit card numbers had been accessed by an “unauthorized party” at an unnamed vendor - and that customers needed new cards.”
Attackers walk with 4.9 million customer records in Honda breach – www.thetechherald.com – 12/29/10 – “Is Honda the latest victim of the Silverpop data breach? According to reports, American Honda Motor Company recently discovered that 2.2 million customers were impacted by a data breach exposing the Owner Link email list maintained by an outsourced vendor. In addition, a further 2.7 million records were lost when the My Acura list was hit.”
Two men arrested for skimming ATM machine in San Luis Obispo – KSBY San Luis Obispo News – www.signaltelevision.com – 12/23/10 – “Two men arrested for skimming ATM machine in San Luis Obispo KSBY San Luis Obispo News Upon investigation, detectives found evidence of a skimming operation at an ATM machine in the 400 block of Madonna Road. Detectives kept an eye on the area … Men Arrested for Alleged Skimmers Santa Barbara Edhat Two men arrested on suspicion of skimming debit cards in San Luis Obispo San Luis Obispo Tribune (blog) all 8 news articles”
New Scam Sweeps Twin Cities Aimed At Holiday Shoppers – kstp.com – 12/22/10 – “West St. Paul police recently arrested Brandon Reed for skimming credit cards. He was an employee at the West St. Paul Wal-Mart on Robert Street. Police say Reed had a skimmer in his pocket just feet from customers. They say he would skim, or scan, the customers credit card, when the customer was not watching. Essentially, police say, Reed was putting their credit card information on a computer chip and then downloading it to another computer where he could use the information to fraudulently make credit card purchases.”
THE DURBIN AMENDMENT A First Analysis of the Draft Rules – www.mercatoradvisorygroup.com – 12/21/10 – “The wait was over for thousands of observers who logged in to the Federal Reserve Board webcast on Thursday, December 16th where Chairman Bernanke and the rest of the Board listened to and questioned the Federal Reserve Bank staff’s initial interpretation of the Durbin Amendment. At 163 pages long, it will take more than a few days to analyze these draft rules, but here’s our first take on the potential market impact.”
Retailers Come Under Cyber Attack – www. – 12/21/10 – “Massive cyber attacks, last week, prompted organizations as large as McDonalds, Walgreens and Gawker Media to warn users that their personal information might have been compromised. In the case of the media firm Gawker, dozens of emails and associated passwords (used for leaving comments on the site) were hacked and posted publicly. Sites such as Amazon, Facebook and LinkedIn froze accounts associated with those e-mail addresses in an attempt to stop criminals from accessing the sites and modifying personal data.”
Data Breach Could Test Massachusetts Law – threatpost.com. – 12/21/10 – “The Massachusetts Attorney General has been notified that financial data on 1,800 residents were exposed in a database breach linked to CitySights NY, a sightseeing firm. The case could set the stage for enforcement of the State's nine month-old data privacy law.Financial data on 1,850 Massachusetts residents was among account information for 110,000 customers stolen from servers belonging to Twin America LLC, the parent company of CitySights NY, according to Amie Breton, Deputy Press Secretary in the Office of Massachusetts Attorney General Martha Coakley.”
Three men charged in Guelph ATM scam – swo.ctv.ca – 12/20/10 – “Guelph Police have charged three men after finding a card-skimming device at an ATM in a south end bank on Saturday. The device allows debit card information to be captured when a card is used at the ATM. Witnesses called police after the men were seen acting suspiciously close to the bank.”
Thieves Skimming Credit Cards, Stealing Thousands – www.fox2now.com – 12/20/10 – “Strangers could be spending your hard earned cash this holiday season and you might not even know it. Fox 2's Michelle Anselmo was "skimmed" over the weekend. Someone in Florida has assumed Michelle's identity and almost drained her checking account at a Jensen Beach "Toys R Us.”
SQL Injection Blamed for New Breach – www.bankinfosecurity.com – 12/20/10 – “The breach of a Web server that housed payment card data for a New York tourism company's website highlights security gaps in cardholder data protection. The online breach, which led hackers to cardholder information for 110,000 credit cards, was facilitated via SQL injection -- one of the most frequent modes of attack hackers use to illegally acquire payment-card details.”
Thinking Through Moves and Countermoves on the Durbin Chessboard – paymentsviews.com – 12/19/10 – “After months of speculation and hand-wringing, last Friday we finally got a relatively complete reading on how the Federal Reserve will likely implement the prescribed regulation of debit interchange and debit network competition.”
The Durbin Rules – Quick Takes on Impact by Domains and Players – paymentsviews.com – 12/17/10 – “At Glenbrook, we think (and teach!) about the payments industry by domains (the purpose of the payment) and players (users and providers). Our quick take on the impact of yesterday’s proposed rules on each is below.”
FBI may get involved in Treasure Coast debit card skimming– www.cbs12.com – 12/17/10 – “Police in Fort Pierce say they don't yet know how debit cards were compromised in a fraud that appears to have victims statewide. Fort Pierce police Detective Dave Cutie said investigators believe cards may have been "skimmed," or had their data captured and forwarded to criminals, at a gas station or convenience store.”
Washington Report: Fed Proposes Debit Card Swipe Fee Rules – www.nacsonline.com – 12/17/10 – “NACS called yesterday’s release of the Federal Reserve’s proposed rulemaking related to debit card swipe fees a “positive step” and said it will continue to push for the reforms demanded by Congress and consumers alike. While no interchange fees should be allowed on debit transactions, the Fed's proposal demonstrates real progress toward that reasonable goal — and parity between checks and debit cards.”
CitySights NY Hit by Security Breach – www.esecurityplanet.com – 12/17/10 – “A SQL injection attack on the web server of tour operator CitySights NY recently resulted in the theft of 110,000 customers' credit card data. "The security breach was discovered on or about October 25, when the firm’s web programmer noticed that unauthorized script had been uploaded to the server," according to DataBreaches.net. "The script appeared to have been uploaded on or about September 26, and between that date and October 19, there were a number of accesses to the customer database."”
Police: Man Used Card Skimmer, Girlfriends to Defraud Victims – kaaltv.com – 12/17/10 – “A credit card fraud operation that stole the credit card numbers from hundreds of victims without their knowledge and then used them at stores across the Twin Cities has been busted, police say, but the vast majority of victims still may not know their financial information was illegally used. "There are still probably a lot of victims out there that don't even know that they're victims," said Lt. Brad Sporny, head of the Minneapolis Police Department's Financial Crimes Unit.”
Hundreds of thousands affected in latest Ohio State breach – www.scmagazineus.com – 12/16/10 – “The Ohio State University (OSU) has notified hundreds of thousands of students and faculty members that their personal information was compromised by hackers who broke into a campus server. There is no evidence the data was stolen, however.”
Setting a Tokenization Standard – www.bankinfosecurity.com – 12/14/10 – “Many emerging payments technologies are already being deployed, but security standardization for a number of those technologies is lacking. Even the EMV chip and PIN standard, which has been on the market for a while, lacks certain levels of standardization where testing is concerned, says Troy Leach, chief standards architect of the Payment Card Industry Security Standards Council. Leach says the PCI Council is taking inquisitive looks at tokenization, encryption and EMV, and is passing guidance down to merchants to ensure the solutions they invest in are secure.”
PCI changes, incremental step toward industry compliance – www.greensheet.com – 12/13/10 – “End-to-end encryption of payment card data is rapidly spreading throughout the payments industry, while fraud and breaches are on the rise. Within this environment, the PCI Security Standards Council (PCI SSC) recently released supplemental guidance about the technology behind end-to-end, or point-to-point, encryption and how it relates to the Payment Card Industry (PCI) Data Security Standard (DSS). Payment industry stakeholders are cautiously optimistic about the role the new guidelines will play in diminishing confusion associated with the PCI DSS. But this guidance does not appear to be moving quickly enough or offer sufficient details to keep up with rapidly evolving industry demands.”
Possible ATM skimming investigated after customers report losses at Fifth Third – www.ohio.com – 12/1/10 – “A second bank in Northeast Ohio is investigating a type of fraud involving its ATM or debit cards known as ''skimming.'' A Fifth Third Bank spokeswoman confirmed Thursday that the bank is aware of a skimming concern and is working with authorities.”
Privacy project uses cryptography to reduce shared info – www.bbc.co.uk/ – 12/9/10 – “A project that could radically reduce the amount of personal information we share in our dealings has been revealed by IBM researchers. The ABC4Trust project is developing an "electronic wallet", with encrypted versions of all a person's details. A query by a device like a "chip and PIN" reader will involve only the information that is strictly necessary.”
Debit Card Interchange Fees and Routing– www.federalreserve.gov – 12/16/10 – “AGENCY: Board of Governors of the Federal Reserve System ACTION: Notice of proposed rulemaking SUMMARY: The Board is requesting public comment on proposed new Regulation II, Debit Card Interchange Fees and Routing, which (1) establishes standards for determining whether an interchange fee received or charged by an issuer with respect to an electronic debit transaction is reasonable and proportional to the cost incurred by the issuer with respect to the transaction and (2) prohibits issuers and networks from restricting the number of networks over which an electronic debit transaction may be processed and from inhibiting the ability of a merchant to direct the routing of an electronic debit transaction to any network that may process such transactions.”
Card skimmer found on Brighton ATM– bayside-leader.whereilive.com.au – 12/16/10 – “AN ATM skimming scam is operating in Bayside. An alert customer using a NAB machine on Bay St, Brighton noticed an anomaly and called police. Bayside detective Sen-Constable Daniel Sirianni said thanks to the awareness of the ATM user, the scam has been discovered.”
Best Buy Admits To Misleading Customers With Kiosks– www.storefrontbacktalk.com – 12/15/10 – “After more than three-and-a-half years of courtroom battles with the Connecticut Attorney General’s office, Best Buy on Monday (Dec. 13) admitted that its in-store kiosks tricked consumers out of Web price-matching and agreed to pay consumers in that state $399,000.”
2011 Card Skimming Fraud Threats– www.bankinfosecurity.com – 12/14/10 – “"What's interesting is that the criminals are now using cryptographic technology to protect the card information they steal, and that's posing challenges for detection and law enforcement," says Jeremy King of the PCI Security Standards Council.”
McDonalds customers warned over identity theft– www.tgdaily.com – 12/13/10 – “McDonalds customers may face something a lot nastier than greasy food, with the company warning that a hacker has gathered thousands of customer details.”
The Data Security Imperative: Moving Beyond PCI to Ensure Customer Protection– risnews.edgl.com – 12/12/10 – “PCI-DSS is all about protecting cardholder data, including the latest release, PCI-DSS 2.0. But shaping data security efforts solely around PCI can leave significant gaps. Download this RIS Thought Leadership paper to learn how a more comprehensive approach to data security can not only deliver compliance but also improve processes, lower costs and lower risks for the entire retail organization.”
Two charged with ATM fraud– www.winnipegsun.com – 12/10/10 – “A pair of alleged scam artists from Ontario were arrested in Winnipeg on Thursday and charged with trying to set up skimming equipment on an ATM.”
Mall retail co.: Attack may have compromised customer card data– www.bizjournals.com – 12/10/10 – “Genesco Inc.’s credit card processing information may have been compromised, the company revealed this morning.”
Blotter: City staff react to golf center computer breach– www.dentonrc.com – 12/10/10 – “Denton police worked to mitigate the effects of a city computer breach that compromised credit cards of seven customers of a municipal golf center.”
Genesco Suffers Criminal Computer System Intrusion– www.prnewswire.com/ – 12/10/10 – “Genesco Inc. announced today that it suffered a criminal intrusion into the portion of its computer network that processes payment card transactions for its United States Journeys, Journeys Kidz, Shi by Journeys and Johnston & Murphy stores, and for some of its Underground Station stores. The Company took immediate steps to secure the affected part of its network, believes the intrusion has been contained and is confident that its customers can safely use their credit and debit cards in the Company's stores. ”
Brookfield area residents victims of fraud– www.trurodaily.com – 12/9/10 – “A debit card skimming scam is creating a stir in this South Colchester community. Several people in the Brookfield area have been victims of debit card fraud, resulting in thousands of dollars being stolen from accounts from various banking institutions.”
Lower Debit Interchange Rates May Mean Higher ACH Debit Rates, Aite Says– www.americanbanker.com/ – 12/8/10 – “With debit card interchange rates expected to go down next year, rates for automated clearing house debits could go up as financial institutions attempt to make up for lost revenue, new research suggests.”
PCI Guidance and Emerging Tech– www.bankinfosecurity.com/ – 12/2/10 – “Bob Russo, GM of the PCI Security Standards Council, says simply that PCI security standards are maturing "gracefully." In fact, Russo says the global payments community is pleased with the standards, which is why the council decided to make no significant changes this time around.”
Several Chase customer accounts compromised across Indianapolis– www.fox59.com – 12/8/10 – “In 48 hours, several Chase accounts have been compromised across Indianapolis leaving the company's security team investigating the source.”
Eftpos fraud triples in one year – www.startupsmart.com.au – 12/8/10 – “Eftpos fraud has almost tripled in the last financial year due to skimming and electronic forgery, according to new figures from the Australian Payments Clearing Association.”
A New Era of Compliance– www.rsa.com – 12/8/10 – “Although enforcement of existing regulations has been weak in many jurisdictions worldwide, regulators and standards bodies are now tightening enforcement through expanded powers, higher penalties and harsh enforcement actions.”
U.S. Bank allegedly concealed data breach– www.startribune.com. – 12/7/10 – “A tiny mom- and daughter-owned company in Arizona is taking aim at U.S. Bank in a class-action lawsuit that alleges the bank failed to protect them and countless other online merchants from crooks who breached the bank's credit card database.”
Credit, debit card fraud in Australia tops $180m– www.theaustralian.com.au – 12/7/10 – “Overall, fraud on all types of payment cards rose to 35 cents from 33c in every $1000 transacted, comparatively low by world standards, according to Australian Payments Clearing Association statistics released today.”
Crisis Communication During a Data Breach: 5 Best Practices– www.beckershospitalreview.com – 12/3/10 – “A healthcare data breach can prove costly to an organization's bottom line and its reputation. Here are five best practices for crisis communication during a breach.”
Credit Cards At Risk from High-Tech Pickpockets?– www.cbsnews.com – 12/3/10 – “It's supposed to make paying for things faster and easier - just wave your credit or debit card over a scanner and you've paid. But now some worry that radio frequency identification (RFID) technology is also making it easier for crooks to rip you off.”
For the Industry, By the Industry.– www.eiseverywhere.com – 12/3/10 – “The PCI 360 Education Program is a complimentary initiative offered by MasterCard to raise awareness and promote the adoption of PCI.”
Stuxnet to Gonzalez to Snoop: The year in lists– www.scmagazineus.com – 12/1/10 – “2010 was a long year. So for those wanting to take a ride down memory lane, SC Magazine figured we'd take some of the work out of the trip for you by compiling lists of the top breaches, threats, acquisitions, law enforcement activity and bizarre incidents that dotted the IT security landscape this year.”
Your IT Decision-Maker's Technology Toolkit – resources.aberdeen.com – 12/1/10 – “The data center is changing. Key information workers rely on timely access to critical data and software applications wherever and whenever they need it. Disruptive technologies such as cloud computing, on-demand software delivery models, virtualization, unified communications, and social and collaborative networking platforms offer both a challenge and an opportunity.”

November 2010

Beware toll gate card scams – www.timeslive.co.za – 12/1/10 – “"Pay cash. Do not let your card out of your sight," advised Susan Potgieter, head of the Banking Risk Centre's commercial crime unit, yesterday.”
Security Watch– www.americanbanker.com – 12/1/10 – “A New Jersey man allegedly stole a POS terminal at a supermarket and used it to steal $80K from the store”
Hackers Hit Hotels, Steal Credit Card Numbers from Guests– www.myfoxchicago.com – 12/1/10 – “Whether your holiday travel plans include planes, trains, or automobiles, odds are, when you arrive at a hotel, you'll pull out a credit card to pay for it. That's what Chicagoan Nick Percoco did on his recent trip to Toronto.”
Thefts reported at Hasbrouck Heights ATM – www.northjersey.com/ – 11/30/10 – “Authorities are still unclear what type of device was used by thieves to siphon money from Bank of America customer accounts through an automated teller machine.”
Skimming device found at Forest Hill ATM – www.mytowncrier.ca – 11/30/10 – “Bank fraud was reported at a local ATM in the Bathurst Street and St. Clair Avenue West area by revealing a skimming device that was installed into the machine.”
Acquirers Rush In Where PCI Fears To Tread: Mobile– www.storefrontbacktalk.com – 11/29/10 – “As retailers implement plans for mobile commerce, they are running into a frustrating situation: the PCI Council is not validating any mobile apps. Interestingly, it’s the same roadblock that stymies the developers of those same retailers’ mobile payment applications and their PA-QSAs.”
Seattle Fraud Spree: Case Grows– www.bankinfosecurity.com – 11/29/10 – “Federal authorities now say the recent Seattle cyber attack was a much bigger crime than first believed. A U.S. Secret Service agent says more than 1,000 credit and debit cards may have been compromised.”
WikiLeaks Disclosure: Clinton ordered spying operation on UN diplomats– www.dailyindia.com – 11/29/10 – “The United States reportedly ordered a spying operation on diplomats at the United Nations, including British officials, in apparent breach of international law, disclosures by the WikiLeaks web site reveal.”
Two arrests made in Vancouver area debit skimming fraud– www.canada.com – 11/26/10 – “Police have arrested two suspects, and issued a Canada-wide warrant for a third man, in connection with a sophisticated debit and credit-card skimming operation that robbed hundreds of people throughout the Lower Mainland of their cash.”
Skimming: credit cards - and profits– www.fastcasual.com – 11/26/10 – “Credit card skimming in the restaurant industry is becoming more exposed as high-dollar theft cases are being made against restaurant workers. Recently in the Minneapolis – St. Paul area, seven employees were charged with stealing customer credit card information from those they served in the restaurant.”
Calls for compulsory data breach law v2.0– www.itnews.com.au – 11/25/10 – “Australia needs laws to force organisations to own up to data breaches and clean up after their mess, delegates to an information security conference were told today.”
Police Officer victim of debit card skimming– sterlingsavingsbank.feedarticle.com – 11/25/10 – “Saanich – the same person who is the public on crime and fraud in Saanich notification of a victim. Last weekend, Saanich police Sgt. Julie Fast search of a muffin for $ 2 when his credit card was declined to buy. On examination, he found that his account had been frozen by your bank.”
Law enforcement warns about 'skimming' devices at gas pumps in Colorado– www.kdvr.com – 11/25/10 – “Grand Junction police are checking pumps at area gas stations after finding so-called "skimming" devices that obtain account information when people use debit or credit cards.”
Customers still reporting card fraud– www.thetelegraph.com – 11/24/10 – “Reports of fraudulent credit card transactions continued to come in Wednesday as customers of a few local banks reported they had been notified of transactions on their cards at places they never visited.”
Grand Junction police target 'skimming' devices that grab credit card data at gas stations– www.kdvr.com – 11/24/10 – “Grand Junction police are checking pumps at area gas stations after finding so-called "skimming" devices that obtain account information when people use debit or credit cards.”
Man charged with stealing $80G from Linden ShopRite in gift card scam– www.mycentraljersey.com – 11/24/10 – “An Elizabeth man has been charged with stealing a machine from ShopRite that allowed him to fraudulently load some $80,000 on to blank gift cards, police said.”
Police bust debit card cloning operation– montreal.ctv.ca – 11/16/10 – “Three men have been arrested in connection with a debit card cloning scheme.”
iPad scam could breach user's data security– www.ontrackdatarecovery.co.uk – 11/16/10 – “UK consumers have been warned that they could suffer lost data if they fall victim to scams this Christmas.”
Credit Card Details Stolen from ECS Learning Systems Customer Database– news.softpedia.com – 11/16/10 – “ECS Learning Systems, a seller of K-12 state-specific test prep materials, has sent notification letters to 1,300 customers after unidentified attackers hacked into its customer database and stole credit card data.”
Florida hospital admits to data breach affecting 1500 patients– www.infosecurity-us.com – 11/15/10 – “A data breach at Holy Cross Hospital in Ft. Lauderdale, Fla., resulted in the theft of sensitive information concerning 1500 patients who visited the hospital’s emergency room.”
Bank fraud widens to Albany– www.walb.com – 11/12/10 – “Police have a warning for anyone with a debit card: check your account. Widespread debit card fraud in Sylvester has spread to include some Albany banks. More than 100 people may have fallen victim. Investigators are still working on a common link to all the unauthorized transactions.”
Agents Pinpoint Source Of Capitol Hill Credit, Debit Account Hackings– www.kirotv.com – 11/12/10 – “More than 100 people on Capitol Hill have recently had their debit and credit card accounts hacked into.”
Secret Service: Credit card fraud wave tied to 'one Capitol Hill restaurant'– capitolhillseattle.com – 11/12/10 – “Despite early uncertainty in the investigation that a wave of credit and bank card fraud centered in Capitol Hill was possibly tied to breaches at multiple businesses, investigating agents from the Secret Service's Electronic Crimes Task Force Seattle office have told KIRO they believe the breach is tied to only one restaurant:”
Protecting card data at the point of sale – www.networkworld.com – 11/11/10 – “There is no shortage of security standards when it comes to protecting the payment transaction life cycle.”
Visa Classifies Corporate Franchisors As Third-Party Agents– www.storefrontbacktalk.com – 11/11/10 – “Last week Visa officially brought corporate franchisors into the world of Level 1 merchant service providers by requiring them to register as Third-Party Agents, with all that that implies.”
Identity theft ring breaches Holy Cross Hospital– www.sun-sentinel.com – 11/11/10 – “An identity theft ring managed to breach emergency room files at Holy Cross Hospital to steal Social Security numbers and personal details of about 1,500 patients, officials said Wednesday.”
Visa Stats: Franchisee Security Changing, But Not Necessarily Improving– storefrontbacktalk.com – 11/11/10 – “Newly released Visa stats on franchisee security breaches suggest a maturing of the security space, but not necessarily maturing into a more secure arena. The figures paint a picture more akin to burglaries that move from picking door locks to climbing into windows when confronted with more sophisticated door locks. Is it better? Not necessarily. But it’s different.”
Visa Classifies Corporate Franchisors As Third-Party Agents– storefrontbacktalk.com – 11/11/10 – “Last week Visa officially brought corporate franchisors into the world of Level 1 merchant service providers by requiring them to register as Third-Party Agents, with all that that implies. At one level, the increased visibility, attention to PCI compliance and stricter validation regime should reduce data breaches at unsecure franchise locations.”
PayPal Closes Security Hole, But Now How Can It Get iPhone Users To Upgrade?– storefrontbacktalk.com – 11/11/10 – “Success in mobile commerce depends on getting millions of copies of smartphone apps to customers—which is great if you get the details just right. But last Thursday (Nov. 4), PayPal had to rush out a new version of its mobile payments iPhone app.”
Five Star Bank hit by debit-card fraud– www.buffalonews.com – 11/11/10 – “A debit-card security breach at a discount grocery chain that operates in 11 states is costing Five Star Bank as much as $850,000 in fraud losses. ”
International Credit Card Processing Site Hit by Phishing Scam – www.securitynewsdaily.com – 11/11/10 – “A phishing scam is targeting the website of Global Payments, an Atlanta-based company that processes credit card transactions for businesses throughout the world. ”
Did Malware Take the Banks Down?– www.bankinfosecurity.com – 11/10/10 – “Malware is likely to blame for the so-called "computer glitch" that over the weekend took down a handful of the country's largest banks' ATMs and online banking sites.”
Credit card fraud ring busted in Benton– www.fox16.com – 11/10/10 – “Four people wanted for forgery charges across the state and possibly across the country have been caught thanks to the Benton and Bryant police.”
Credit card fraud wave update: ATM skimming ring busted on Eastside– capitolhillseattle.com – 11/10/10 – “As incidents of credit card-related shenanigans continue to ripple -- at a slower pace -- across the Hill, authorities have announced arrests in an Eastside ATM rip-off ring.”
U Hawaii Data Breach Hits 40,000 Students– www.campustechnology.com – 11/10/10 – “The University of Hawaii system has just suffered its third major data breach in two years. The latest one exposed Social Security numbers and numerous other personal details on 40,101 students who attended U Hawaii Manoa between 1990 and 1998 and in 2001. ”
Area bank warns of security breach– www.wpsdlocal6.com – 11/10/10 – “An area bank issued an important warning to take a closer look at your bank accounts, informing customers of a security breach.”
This Time It’s Personal: Cyberthieves Attacked Forever 21 Partially Because Their Clothes Were “Poorly Made”– storefrontbacktalk.com – 11/10/10 – “Cyberthief Extraordinaire Albert Gonzalez’s crew targeted at least one of the retail chain victims they hit partially because they didn’t like the chain. Forever 21 was targeted because “the clothes were poorly made and the employees were poorly paid,”Gonzalez Co-Conspirator Patrick Toey is quoted as saying in a profile of Gonzalez by The New York Times Magazine.”
Romanian jailed for ATM fraud– www.examiner.ie – 11/09/10 – “A Romanian man who stole cash from a Dublin ATM with cloned credit cards has been sentenced to three years in jail with the final 18 months suspended.”
Card skimmers go undercover– www.vvdailypress.com – 11/09/10 – “It’s a task many people perform every day, multiple times a day without thinking, and crooks are banking on that automatic response in order to scam victims out of their money.”
McDonalds contactless card rollout to lower skimming risk– www.itnews.com.au – 11/9/10 – “McDonald's Australia will switch on contactless credit card technology this month that enables it to charge cards from up to five centimetres away.”
Capitol Hill credit card fraud wave update: Latest totals, inside a 'flash attack'– capitolhillseattle.com – 11/8/10 – “Reports of financial fraud across Capitol Hill and the entire Seattle area continue to be above normal levels as the impact of a bank and credit card rip-off scheme that targeted at least one neighborhood restaurant point of sale system continues to be felt even as Secret Service investigators have identified and "addressed" breach points.”
Scam alert! Worry over flood of 'scanning devices'– www.jamaica-gleaner.com – 11/7/10 – “HEAD OF the Organised Crime Investigation Division (OCID), Superintendent Fitz Bailey, has raised concerns about the absence of a regulatory framework to prevent unscrupulous persons from importing equipment used in the local multimillion-dollar debit-card scam. ”
Analysts Warn of 'Flash Attacks'– blogs.bankinfosecurity.com – 11/7/10 – Gartner analyst Avivah Litan recently wrote of a new kind of "flash attack" she's hearing of from banks. And last week Jasbir Anand, a fraud analyst at ACI Worldwide, described "blitz attacks," where mass data compromises of stolen card accounts are used overseas, all in a short time period, much like the card breach that led in February 2009 to $9 million being stolen from RBS WorldPay cardholders. ”
Credit-card-fraud scheme broken up on Seattle's Capitol Hill– seattletimes.nwsource.com/ – 11/5/10 – “Late last week, Seattle police passed along information to federal agents that pointed to a high-tech credit-card-fraud scheme on Capitol Hill.”
Capitol Hill credit card fraud wave tied to Broadway Grill– www.capitolhillseattle.com – 11/4/10 – “The investigation into more than 100 reported cases of credit card fraud across Capitol Hill has identified a Broadway restaurant as one "point of interest.”
Capitol Hill credit card fraud wave 'adjudicated' -- Secret Service task force claims break in case– www.capitolhillseattle.com – 11/1/10 – “A special task force that combines Secret Service investigators with local law enforcement experts has made a major break in the case of a large wave of fraudulent activity involving credit card accounts belonging to people who live and work on Capitol Hill, CHS has learned.”
Visa under fire for new debit card– www.thestar.com – 11/5/10 – “Canadian Imperial Bank of Commerce’s new Visa-branded debit card is operating in violation of the federal government’s new voluntary code of conduct for the payments industry, the Star has learned.”
Sylvester warns of widespread debit card fraud– www.walb.com – 11/4/10 – “There's widespread debit card fraud in Sylvester, police tell us it affects customers at every bank in town. So far, more than 40 people have contacted police, reporting thousands of dollars missing from their accounts.”
PCI: Small Merchants Need to Catch Up– blogs.bankinfosecurity.com – 11/4/10 – “Why has industry-wide compliance with the Payment Card Industry Data Security Standard proved so challenging? PCI-DSS is not new -- the standard is six years old. And changes to the standard, though somewhat significant during the early days, have not, as of late, been so dramatic. ”
PCI Compliance and Level 4 Merchants– www.paymentsnews.com – 11/3/10 – “According to a new survey conducted by ControlScan and Merchant Warehouse, Level 4 Merchants (small-to-medium sized businesses) are all over the map on PCI awareness and compliance. 91% of the larger Level 4 merchants (over 50 employees) are familiar with PCI DSS, but only 45% of the smaller merchants (1-10 employees) are familiar.”
Fraud Spree Strikes Seattle– www.bankinfosecurity.com – 11/3/10 – “A spree of payment card fraud incidents at multiple retail locations in Seattle has prompted an investigation by law enforcement authorities. And security experts say these crimes can be expected to happen more frequently as credit/debit card fraud evolves. ”
Card skimmers compromise debit cards– www.bclocalnews.com – 11/3/10 – “Some clients of Island Savings Credit Union were surprised last week to learn their debit cards had been cancelled after their banking information was stolen by card skimmers.”
RSA Unveils New Solution to Deliver End-To-End Data Security– www.paymentsnews.com – 11/3/10 – “RSA has announced the general availability of the RSA Data Protection Manager, which "combines tokenization and application encryption, two popular application-based controls, with advanced token and key management to deliver end-to-end data security."”
Fraud Spree Strikes Seattle– www.bankinfosecurity.com – 11/3/10 – “A spree of payment card fraud incidents at multiple retail locations in Seattle has prompted an investigation by law enforcement authorities. And security experts say these crimes can be expected to happen more frequently as credit/debit card fraud evolves. ”
Con couple lived off others' credit– timesofindia.indiatimes.com – 11/2/10 – “A young couple which, driven by dreams of a luxurious life, began swindling people by copying their credit card details and making huge purchases on these, was arrested by the police on Sunday. The number of victims defrauded by the duo is yet to be ascertained but an initial probe has revealed that the amount they made by selling the goods bought on the credit cards ran into lakhs of rupees.”
Secret Service on Seattle fraud investigation– blog.seattlepi.com – 11/1/10 – “Seattle police are working with the Secret Service regarding more than 100 reports of fraudulent credit card charges in Seattle. Most of the cases occurred on Capitol Hill and customers of several banks were victimized.”
2010 Verizon Payment Card Industry Compliance Report Webinar– www.verizonbusiness.com – 11/1/10 – “In our just-released 2010 Payment Card Industry Compliance Report, the Verizon PCI and Risk Intelligence teams analyse the progress of organisations toward the goal of compliance. The report features topics such as how and why some organisations seem to struggle more than others, and which PCI DSS requirements are most and least often in place.”
WellPoint Sued by the State of Indiana over Late Breach Notification– news.softpedia.com – 11/1/10 – “The State of Indiana is suing WellPoint, one of the largest health insurance providers in the United States, for failing to notify customers affected by a data breach in a timely manner.”
New Retail Security Standard Leaves Out Mobile Payment Methods – www.nacsonline.com – 11/1/10 – “The second edition of the Payment Card Industry (PCI) Data Security Standard (DSS) did not take into account newer mobile payment options, such as Square, Network World reports. The Square app, plus a plastic card reader, turns a retailer’s mobile phone into a cash register. ”
eCommerce PCI security standards completely revised– www.ecommercenews.org – 11/1/10 – “Due to come into full force in January 2011, multiple revisions of the PCI (Payment Card Industry)'s major Internet security standards were published on Oct. 28th, following more than five months of complex negotiations and at many levels.”
ATM Fraud: Skimming is #1 Threat– www.bankinfosecurity.com – 11/1/10 – “Will 2011 be "The Year of the Skimmer?" After an uptick in skimming incidents already in 2010, security experts say that we will see even more skimming in the United States in the months ahead, particularly against ATMs.”

October 2010

EMV, Top 5 Tech Advances in Payments– www.bankinfosecurity.com – 10/31/10 – “Payments technology is rapidly changing. In the United States, discussions and debates are increasingly heating, as regulators, innovators and industry analysts search for more secure and convenient ways for consumers to conduct financial transactions. ”
Reports of debit, credit card fraud hitting midstate consumers– www.macon.com – 10/31/10 – “More than 100 downtown Macon consumers in recent weeks have fallen victim to a crime that’s become far too common in the midstate — debit and credit card fraud.”
An End to Pay-At-The-Pump Skimming?– blogs.bankinfosecurity.com – 10/29/10 – “October has been a busy month. PCI updates, the Mobile Financial Services Forum (#MobileForum on Twitter), Zeus attacks and identity theft.”
Getting ROI From PCI Security: Can It Be Done?– storefrontbacktalk.com – 10/28/10 – “One of the most frustrating truths in retail security is that, by definition, it has no meaningful return on investment—at least not in the sense that CFOs and board members view ROI.”
Banks Weak Against Credit Card Skimming Attacks – www.informationweek.com – 10/28/10 – “Gartner warns that anti-skimming standards and technologies aren't keeping up with recent spate of attacks, which can quickly net individual gangs $500,000 a month. ”
Civic Center credit card breach may be a computer hack– www.9wsyr.com – 10/28/10 – “Investigators believe the scammers used either a skimming device or a computer hack to steal credit and debit card information from victims that had used their cards at the Onondaga County Civic Center. Police have now heard from more than 60 victims.”
Fraudsters Find Holes in Debit Card Fraud Detection– www.pcworld.com – 10/27/10 – “Over the last few weeks, criminals have been exploiting weak fraud detection systems used for debit cards with "flash" attacks, where hundreds of withdrawals are made over a very short period of time.”
Credit and Debit card mastermind arrested– go-jamaica.com – 10/27/10 – “The Jamaican police are reporting that they have arrested a suspected mastermind behind a major credit and debit scam. Forty-seven-year old Kirk Powell, a club operator of Montego Bay was arrested and charged on October 19 with conspiracy to defraud. ”
Payments Without Card Numbers– blogs.bankinfosecurity.com – 10/27/10 – “Payments security comes up quite a bit these days. From mobile payments to the U.S. EMV chip migration to tokenization and end-to-end encryption, the payments space is evolving. In many ways, the United States is working to catch up with Europe, and facilitate a more open and global payments infrastructure. ”
Macon Police Investigating Wave of Card-Fraud Cases– www.13wmaz.com/ – 10/27/10 – “Macon police say they've asked the Secret Service to help them investigate a wave of credit and debit-card fraud cases. Sgt. Keith Woodford says they've gotten more than one hundred of reports in the past two weeks and said he reviewed 15 new cases Wednesday morning.”
PCI Security Standards Council Issues Guides On End-to-End Encryption for Transactions– blogs.csoonline.com – 10/26/10 – “If you follow PCI developments at all, you no doubt have heard of the new end-to-end encryption guidance released a couple of weeks ago by the PCI Security Standards Council. The Council observed there are no clear standards for encryption for every step of the transaction process. To assist merchants and others in better complying with the PCI Data Security Standard, the Council has issued this guidance. ”
Can TCF Stop Durbin? – www.pymnts.com – 10/26/10 – “Last week we heard how TCF planned to stop Durbin dead in its tracks. Not so says the National Retail Federation’s lead lawyer Mallory Duncan. For another take on TCF’s legal gambit we talk to him and legal expert Ron Mann.”
Norwegian authorities release foreign criminals– theforeigner.no – 10/26/10 – “The Norwegian Supreme Court has ruled in favour of releasing a man jailed for possession of cash point skimming equipment. A legal loophole means foreign criminals can import hardware to commit fraud.”
Credit card scammer found on HSBC cash machine in Potters Bar– www.times-series.co.uk – 10/26/10 – “POLICE are appealing for information after a device to scam cash point users was found in Potters Bar. A vigilant woman alerted police on Saturday afternoon, after she spotted something suspicious attached to a HSBC machine, in Darkes Lane. ”
Charges filed in arrests at Villa Park motel– www.dailyherald.com – 10/26/10 – “Villa Park police have filed several misdemeanor charges against three Ohio men apprehended last week at a Motel 6.”
Three Arrested After Credit Card Skimmer Investigation– 920kvec.com – 10/25/10 – “Three people have been arrested following a counterfeit credit card investigation in San Luis Obispo. Officers said they received several reports in recent weeks about fake credit cards and skimmer devices, which are used to steal person information. Upon further investigation, they anticipated the suspects to be at the Radio Shack on Madonna Road on October 15.”
Data security takes a layered approach– www.fastcasual.com – 10/25/10 – “Restaurant operators’ main areas of focus are usually on providing quality food and a memorable customer experience. However, memories of great service and food are quickly erased if a customer’s cardholder data is stolen.”
PCI tokenization guidance nearing completion– searchsecurity.techtarget.com – 10/25/10 – “The Payment Card Industry Security Standards Council (PCI SSC) is nearing completion of a new PCI tokenization guidance document, outlining how merchants can use the fledgling technology in the payment process.”
Chip-and-PIN crack code released as open source– www.zdnet.co.uk – 10/25/10 – “Cambridge University research student Omar Choudary open-sourced and published the code on Wednesday, along with technical details of hardware used in the Smart Card Detective, a device he built and used to modify a transaction between a credit card and a reader. ”
Charges filed after raid on Villa Park motel– abclocal.go.com – 10/23/10 – “Initial concerns that a small cell of Sudanese terror suspects had taken up residence in a west suburban motel were unfounded, according to Villa Park Police officials. ”
Three arrested after detectives allegedly find them with fake credit cards, gas pump skimmers in San Luis Obispo– www.sanluisobispo.com – 10/22/10 – “Three people were arrested in San Luis Obispo earlier this month after allegedly trying to use fake credit cards at Radio Shack.”
3 arrests in alleged fake credit card, gas pump skimmer scam in SLO– www.thesbnn.com – 10/21/10 – “Three people were arrested in San Luis Obispo earlier this month after allegedly trying to use fake credit cards at Radio Shack.”
Judge Clears CAPTCHA-Breaking Case for Criminal Trial– www.wired.com – 10/19/10 – “A federal judge in New Jersey has cleared the way for a landmark criminal case targeting CAPTCHA circumvention to proceed to trial.”
PCI: Smaller Merchants Threatened– www.bankinfosecurity.com – 10/19/10 – “The Payment Card Industry's Security Standards Council may be doing a good job helping lock down larger retailers, but the smaller "Mom and Pop" merchants are becoming the new targets of cyber criminals, says a PCI expert. ”
Time to Dust Off That Breach Disclosure Plan– www.technewsworld.com – 10/19/10 – “When the topic of data breaches gets raised, executives usually point to the extensive planning the company did years ago, supposing the presumptions and conditions that existed back when the plan was laid out are still valid today. But as the risks change, our planning should change. It's important that we continuously re-evaluate our planning based on the most current understanding of the risks involved.”
WEBINAR: A New Era of Cybercrime: Are you a Target? – www.rsa.com – 10/19/10 – “Do cybercriminals have their sights set on you? Most organizations don’t realize they are at risk of a cyber attack until it happens. Today, cybercrime is indiscriminate – and it is not just an issue for the banking industry anymore. If you hold credit card data or any kind of personal information, you are a likely – and lucrative – target.”
Fighting back: Good news on the law enforcement front– portalsandrails.frbatlanta.org – 10/18/10 – “I've noticed that blogs by their nature tend to focus on pointing out problems, this blog included. But I think it's also important to identify progress and celebrate victory in a society that appears to approach every topic from a negative angle. So here goes!”
ATM Skimming: How to Spot, Avoid – online.wsj.com – 10/10/10 – “The next time you pull up to an ATM, take a closer look at the machine. Does it look a little clunkier than usual? Look too at what's around you: Are there mirrors? Is there a brochure holder over your shoulder? Does it look like there might be a false panel or an extra light bar attached to the machine?”
Debit card skimming scam disguised as new spa in Edmonton– www.oyetimes.com – 10/16/10 – “EPS Economic Crimes Section detectives have received several reports from people who have fallen victim to an apparent card skimming scam disguised as offering reduced-rate services at a spa that doesn’t exist.”
Convenience store gas pump in Benicia used in skimming scam– www.timesheraldonline.com – 10/16/10 – “A gas pump at the 7-Eleven on Military East in Benicia was among seven found in Northern California to have had devices surreptitiously installed to steal money from ATM and credit card users, the California Attorney General's Office announced.”
Police Notebook: Airdrie bank ATM compromised by skimmers – www.airdriecityview.com – 10/15/10 – “The Airdrie RCMP is requesting the public’s assistance in locating two men who installed a “skimmer” on a local bank’s ATM machine.”
Skimming device found at Stirling bank – www.stirlingobserver.co.uk – 10/15/10 – “BANK customers are advised to be vigilant after an illegal skimming device was found at a cash machine in Stirling.”
TCF Bank Challenges The Durbin Amendment – What Does it Mean?– paymentspulse.com – 10/15/10 – “On Tuesday, TCF National Bank filed a federal lawsuit challenging the constitutionality of the Durbin Amendment. The Amendment, as part of the Dodd-Frank financial reform bill Congress passed in July, regulates debit card interchange beginning next year. ”
How Credit Card Security Standards Are Changing– blogs.forbes.com – 10/14/10 – “Does your business accept credit and debit cards? Then take note: The minimum standards for securing those payment methods and avoiding data breaches may be shifting.”
Hackers waiting for IP addresses to run out– www.securecomputing.net.au – 10/14/10 – “Cyber criminals are ready to pounce when current IPv4 web addresses run out and firms migrate to IPv6, a security firm warns.”
Former White House security advisor accuses countries of sponsoring cyber crime–www.securecomputing.net.au – 10/15/10 – “Some Eastern European countries have been called 'cyber sanctuaries' that refuse to cooperate with Western Europe and the United States, and that sponsor state hacking.”
Bugat is New Malware of Choice– www.bankinfosecurity.com – 10/14/10 – “Last week's LinkedIn phishing attack didn't deliver Zeus, the best-known and widely distributed Trojan, say malware researchers, but instead delivered its less well-known cousin, Bugat. ”
Police Beat: Attorney of accused teen wants identity of informant revealed– www.pnj.com – 10/14/10 – “The attorney for a teenager accused of selling stolen guns wants the State Attorney's Office to reveal the identity of a confidential informant in the case. A temporary restraining order filed against an Escambia County deputy had been dropped. A former waitress sentenced to 11 months and 15 days in jail wants her sentenced reduced.”
Is Point-To-Point Encryption Ready For Prime Time? – www.storefrontbacktalk.com – 10/14/10 – “Are you looking at point-to-point encryption? Maybe you should. From vendor presentations to Congressional testimony, point-to-point encryption (or P2PE, to use the PCI Council’s unfortunate acronym) has been hailed as the merchant’s PCI savior. Is it really?”
Skimming Attacks at European ATMs Rise 24%, Although Related Losses Fall 8% – www.allmediascotland.com – 10/13/10 – “The latest European ATM Crime Report published by EAST (the European ATM Security Team), shows a 24% increase in card skimming attacks at European ATMs. 5,743 attacks were reported for the period January to June 2010, compared with 4,629 for the same period in 2009. For the same periods, skimming related losses fell from €156 million to €144 million.”
Three men charged with stealing $150,000 in gas pump-skimming scam– www.mercurynews.com – 10/13/10 – “Three Los Angeles men who were arrested in February in a gas pump credit card-skimming sting were charged with dozens of counts of identity theft by the California Attorney General's Office on Wednesday.”
Hacker gets confidential info from MDs' website– www.winnipegfreepress.com – 10/13/10 – “Manitoba doctors are being warned their credit card information and patients' complaints could fall into the wrong hands after an online attack a month ago. A hacker accessed confidential information on the College of Physicians and Surgeons of Manitoba website Sept. 11, said registrar Dr. Bill Pope.”
Tokenization: A PCI Sidestep– blogs.bankinfosecurity.com – 10/12/10 – “In theory, tokenized payments are quite secure. When a payment transaction is initiated, the credit or debit card number is replaced with a token, which ultimately is assigned either to a specific transaction or a card number. When the transaction is processed, the card information associated with the token is used, rather than the card number itself. Thus, if a transaction is somehow intercepted or a database compromised, the only thing fraudsters get their hands on is the token. ”
Credit card fraud at lowest level in 10 years– www.thinkmoney.com – 10/12/10 – “According to the UK Cards Association, total fraud losses on credit cards and debit cards dropped by one fifth year-on-year during the six months to the end of June, The Telegraph reports, taking card fraud down to its lowest level in ten years.”
PCI Compliance Means Getting Your App Security Together – www.darkreading.com/ – 10/12/10 – “Many companies' applications still don't meet the security standards outlined in the Payment Card Industry (PCI) Data Security Standards, according to a recent study. ”
NACS Launches New Tamper-Evident Label Program– www.cspnet.com – 10/12/10 – “NACS has launched "We Care...About Your ID," a new program to help members develop preventative measures against ID fraud. The program was introduced during the NACS Show in Atlanta.”
Grocer Aldi discloses breach of payment terminals– www.scmagazineus.com – 10/12/10 – “Grocery chain Aldi is warning customers that their payment card information may have been stolen after fraudsters placed altered point-of-sale terminals at a number of Aldi stores in 11 states. ”
Identity theft arrest made– www.crescentavalleyweekly.com – 10/11/10 – “Glendale police have arrested suspects on two separate cases concerning identity theft and fraud. Over 24 felony charges were filed last week against Vachik Kasumayan, 61, and Virab Torosyan, 48, both of Glendale.”
Card skimmer strikes at Gunwharf Quays– www.portsmouth.co.uk – 10/11/10 – “Police are praising the vigilance of the member of the public who reported it and are warning others to be on the look out when using ATMs. The device was found at around 2pm on Friday at the Lloyds TSB cashpoint next to Burger King.”
Aldi data breach shows payment terminal holes– www.computerworld.com – 10/7/10 – “A debit card breach disclosed late last week by discount grocer Aldi Inc. shows how hardware hacks are starting to pose as much of a threat to payment card data as software-based attacks.”
If Your Token Vendor Goes Bankrupt, What Happens To Your Data?– www.storefrontbacktalk.com – 10/7/10 – “What would you do if your tokenization vendor goes out of business or gets acquired by a company with a whole different approach to tokenization? This is the ever awkward but increasingly important question every IT executive looking at tokenization needs to ask.”
Dozens of debit/credit card numbers stolen in Porter County– www.nwitimes.com – 10/6/10 – “Valparaiso and Porter County police are alerting the public that dozens of people's debit/credit cards numbers have been compromised.”
Skim Scam: Did Aldi Invite 11-State Coordinated Attacks?– www.storefrontbacktalk.com – 10/6/10 – “When a gang of thieves physically tampers with point-of-sale systems, the tampering is usually a local operation. But that may be changing. Discount grocer Aldi said Friday (Oct. 1) that it has found tampered payment-card readers in stores in 11 states, spread from the east coast to Illinois.”
PCI Council Issues Guidance on EMV And Point-to-Point Encryption– www.digitaltransactions.net – 10/6/10 – “With end-to-end encryption of payment card data rapidly spreading throughout the credit and debit card industry and calls for the U.S. to replace magnetic-stripe cards with so-called EMV chip-and-PIN cards, the card industry’s security overseer is attempting to ensure that security standards change with the times.”
NACS Launches New Tamper-Evident Label Program – www.nacsonline.com – 10/5/10 – “NACS announced yesterday during the NACS Show the launch of “We Care…About Your ID,” a new program to help NACS members prevent ID fraud.”
Arrest Made In Davis Credit Card Fraud Scheme– www.kcra.com – 10/4/10 – “Police arrested a man in a credit card fraud scheme, in Davis, that has wracked up more than $100,000 in losses and dozens of victims.”
Fifty People Accused of Credit Card Fraud Arrested in Russia– news.softpedia.com – 10/4/10 – “Russian authorities arrested fifty people suspected of being members of an identity theft and credit card counterfeiting gang, who stole almost $2 million from local and foreign banks.”
More Arrests But Zeus Trojan Rules In Online Bank Fraud– www.eweekeurope.co.uk – 10/4/10 – “The arrests keep coming in connection with the cyber-crime ring that used the Zeus Trojan to steal millions from bank accounts. But the publicity is adding value to the exploit kit.”
First-of-its-Kind Verizon Report Finds Link Between Data Breaches and Failure to Comply with Payment Card Security Standards– www.prnewswire.com – 10/4/10 – “While credit card data breaches remain all too common, a new report from Verizon Business shows that following industry security standards can dramatically reduce such incidents.”
Cebu Credit Card Scam Ring Busted– www.mb.com.ph – 10/2/10 – “Authorities yesterday warned credit card owners to be extra careful when transacting business using their credit cards following the arrest of six people allegedly belonging to a “highly-organized” syndicate with capabilities to capture credit card users’ information and use fake cards from stolen data. ”
Why Smart Cards Are Coming to America– www.digitaltransactions.net – 10/1/10 – “Dismissed years ago as impossibly expensive, EMV-standard cards are suddenly top-of-mind in the U.S. One big reason: Though they are still expensive, the rising costs of fraud and PCI compliance are even more so. ”
Grocer Aldi says vandals compromised payments– www.google.com – 10/1/10 – “Grocery chain Aldi Inc. says the names, account numbers and secret codes of customers in 11 states were exposed to potential theft when they used payment cards at machines that had been tampered with.”
Local Authorities Report Rise In Credit Card Skimming– www.10news.com – 10/1/10 – “Authorities in San Diego are warning the public to beware of the rise in crimes related to credit card skimming.”
Ex-Waiter Accused Of Skimming Credit Cards– www.cbs4.com – 10/1/10 – “A former waiter at a Southwest Ranches restaurant is accused of stealing the credit card numbers of more than two dozen customers.”
Card Skimming Mr. Kanagaratnam from Scarberia– www.lankanewspapers.com – 9/30/10 – “Police have arrested an Ontario man in what they describe as a `very sophisticated` bank card-skimming operation in Winnipeg. ”
Retailers get break on technology update – www.brantfordexpositor.ca – 9/30/10 – “Visa and Mastercard have given Canadian retailers another six months to install microchip payment technology before making them responsibility for any losses from credit card fraud.”
Credit Card Fraud Surpasses $1 Billion in Half of 2010 – www.businessnewsdaily.com – 9/28/10 – “If your business accepts credit cards, you may want to beef up your credit card security systems because credit-card fraud for online, mail-order and telephone purchases has increased to “unprecedented levels” in the United States, according to new research.”
Signature Debit Not Going Away Soon, says Auriemma Consulting Group – www.businesswire.com – 9/28/10 – “Two years of massive overhaul of the payments industry came to a head on July 21, 2010 with the passage of the Wall Street Reform and Consumer Protection Act, popularly known as Dodd-Frank. As with the CARD Act of 2009 which preceded it, media attention focused primarily on credit cards, where issuers are now in the throes of implementation and retrenchment.”
EU Pushes U.S.-Style Cyber-War Games For Retailers– www.storefrontbacktalk.com – 9/23/10 – “It’s always tough to figure out whether a government recommendation on security will actually improve the lot of retailers. “We’re from the government, and we’re here to help you” is a joke on both sides of the Atlantic.”
Most Websites Have Serious Vulnerabilities To Attack, Study Says – www.darkreading.com – 9/22/10 – “Ever wonder how likely it is that your website could be hacked? A research firm issued a report today that might offer some insight -- and the news isn't good. ”
New charges laid in ATM fraud case– www.winnipegfreepress.com – 9/10/10 – “Police have laid a host of new charges against a man accused of involvement in a sophisticated card-skimming operation they now say extends to four Canadian cities.”.

September 2010

Leeds credit card fraud case man's £15,108 seized– www.yorkshireeveningpost.co.uk – 9/30/10 – “A court has ordered £15,108 to be forfeited after a Leeds man failed to face credit card fraud charges.”
MasterCard Slaps Down Wal-Mart For Customer ID Rule– www.storefrontbacktalk.com – 9/30/10 – “Retailers and the card brands have fights about card rules routinely. But it’s unusual for a senior executive at a card brand to publicly slap down a major chain. And it’s triply unusual when the chain is the world’s largest—Wal-Mart—and the slapper is the general counsel of MasterCard.”
PCI Vendor Offers $100K For Any Customer Breached– storefrontbacktalk.com – 9/30/10 – “With all of the PCI shell games around, it’s nice to find one vendor offering what seems to be a legitimate PCI insurance program: Use its package and get breached, and the vendor will reimburse some of your out-of-pocket breach costs, with a $100,000 cap.”
Canada’s 6-Month Chip-and-PIN Delay Caused By “Very High (Transaction) Failure Rates”– storefrontbacktalk.com – 9/30/10 – “Pushed by “very high (transaction) failure rates,” Visa and MasterCard have simultaneously granted Canadian retailers a six-month extension on a key Chip-and-PIN move. The change was announced just weeks before the card brands planned to shift a critical liability.”
PCI 2.0: Major Step Forward, If You Value Vagueness– storefrontbacktalk.com – 9/30/10 – “As PCI officially moves next month from 1.2.1 to 2.0, a series of small changes are opening the door to more QSA-to-QSA conflicts. For some, that move is good as it will allow for more flexibility.”
Maine SC sides with grocery store in security breach suit– www.legalnewsline.com – 9/29/10 – “The Maine Supreme Court, in a unanimous decision, has ruled that a group of consumers do not need to be compensated for time and effort they put into cleaning up the damage caused by data thieves.”
Is the United States the weakest link when it comes to credit card security?– www.scmagazineus.com – 9/29/10 – “With almost every other developed country in the world now moving toward chip-and-PIN technology to support EMV, a global standard for authenticating credit and debit card payments, the continued use of magnetic stripe cards in the United States has looked out of order for a while now. ”
Debit card fraud reports flood police– www2.canada.com – 9/28/10 – “Another suspected case of debit card fraud emerged Monday in Saskatoon after some cardholders found out money was withdrawn from their accounts during the weekend. ”
Retailers Lost $139 Billion to Fraud in the Last Year, According to LexisNexis Risk Solutions® Study– www.earthtimes.org – 9/28/10 – “Retail merchants incurred more than $139 billion in fraud losses over the past year, according to a new study released by LexisNexis Risk Solutions®. ”
Aldi yanks debit card terminals that may have been compromised– www.dailyherald.com – 9/28/10 – “Aldi grocery stores have removed debit card terminals that were possibly used to steal customer credit card information, the retailer said in a news release. ”
Payment Card Industry Data Security Standard: What It Means And Why Your Business Should Care– www.businesscomputingworld.co.uk/ – 9/28/10 – “The Payment Card Industry Data Security Standard (PCI DSS) is a list of international security guidelines. They are designed to ensure that any organisation that stores, processes or transmits customer payment card details, does so in accordance with global best practice.”
Long division– digitaldebateblogs.typepad.com – 9/28/10 – “Scott Lofteness pointed me to a lovely post by Stephen Lubeen over at Credit Slips, talking about the problems of being an American traveller in a Europe that no longer accepts your credit and debit cards.”
Still no suspects in Aldi ATM terminal thefts– www.chicagobreakingnews.com – 9/28/10 – “As the Aldi grocery chain removes suspect ATM terminals from some of its stores, police in Wheeling say they're still trying to unravel the source of unauthorized withdrawals that add up to more than $130,000 taken from customers from the Wheeling Aldi store alone.”
Multi-state credit card fraud leads to Byron Center arrests– www.wzzm13.com – 9/27/10 – “The Kent County Sheriff's Department and U.S. Secret Service have arrested two people and investigating more in a credit card fraud ring that has operated in West Michigan and across state lines.”
Debit Card Fraud Strikes Aldi Grocery-Store Customers– www.digitaltransactions.net – 9/27/10 – “A rash of debit card fraud has hit customers of the discount supermarket chain Aldi, though its extent and methodology have not been divulged. Criminals obtained customers’ PINs and card numbers in the Midwest to make unauthorized ATM withdrawals in other states, especially California. ”
POS System Breached?– www.bankinfosecurity.com – 9/27/10 – “A summertime spike in credit card fraud in the Tallahassee, Fla., region is linked to one restaurant that had its point of sale software targeted by hackers, resulting in $200,000 in fraud losses. ”
U.S. Retailers Lost $139 Billion to Fraud in the Last Year– www.paymentsnews.com – 9/28/10 – “U.S. Retail merchants incurred more than $139 billion in fraud losses over the past year, according to a new study released by LexisNexis Risk Solutions. The study revealed that for every $100 in fraudulent transactions, retailers incurred $310 in total losses, including costs associated with replacing lost or stolen merchandise.”
2 Men on Trial for ATM Card Scheme – www.balidiscovery.com – 9/27/10 – “Two men on trial in Bali accused of stealing funds from Automated Teller Machines (ATM) in various locations across Bali saw State prosecutors demanding prisons terms of 13 years and fines of Rp. 100 million (US$11,000) for each of the men.”
Mercator Report Finds End-to-End Encryption Relieves Costly PCI Compliance Burden– www.marketwatch.com – 9/27/10 – “End-to-End Encryption Heralded as Best Route to PCI Scope Reduction;EMV Seen as Too Far Off and Not a Complete Solution for Card Data Security ”
Neb. golf courses: Customer financial info exposed– www.action3news.com – 9/25/10 – “A security breach at two Lincoln golf courses has exposed the credit and debit card numbers of its customers. A statement from Wilderness Ridge and Hidden Valley says immediate steps were taken to re-secure their information systems and a computer security firm was hired to investigate.”
Lincoln golf courses, restaurant sources of credit card leaks– journalstar.com – 9/24/10 – “Two Lincoln golf courses and a restaurant say they are the sources of more than 200 credit and debit card numbers stolen recently from Lincoln-area residents.”
Read the news release– journalstar.com – 9/24/10 – “Wilderness Ridge and Hidden Valley Golf have uncovered a security breach that has exposed credit and debit card information of our recent customers. We apologize for any inconvenience that this may have caused any of our customers and regret any inconvenience this has caused. We have taken immediate steps to secure our systems.”
KCSD: Taco Bell workers stole card nos.– www.woodtv.com – 9/24/10 – “Two employees of West Michigan fast-food restaurants stole perhaps as many as hundreds of customers' credit or debit card numbers this month, according to court documents and investigators.”
PCI: Emerging Technology Needs Standardization– www.bankinfosecurity.com – 9/24/10 – “Emerging payments technologies, such as tokenization, are already being deployed in the marketplace, but standardization, as it relates to the security of some of these emerging solutions, is lacking.”
PCI Meeting: Fraud Fight is Global– www.bankinfosecurity.com – 9/22/10 – “Two hours into the opening day of the Payment Card Industry Security Standards Council's North American Community Meeting in Orlando, Fla., it's clear that emerging technology and EMV chip and PIN will be focal points of the two-day event. ”
ID Theft Ring Busted– www.bankinfosecurity.com – 9/22/10 – “The U.S. Attorney for the District of New Jersey recently announced the arrests of 53 suspects charged with a sophisticated identity theft and fraud scheme -- one that allegedly targeted the identities of Asian immigrants.”
Encryption patent battle could affect database security – www.networkworld.com – 9/16/10 – “Data security vendor Protegrity has added new names to a lengthening list of companies it wants to sue over alleged violation of its encryption patents. ”
More victims in debit card fraud at Aldi stores– www.dailyherald.com – 9/15/10 – “At least 30 St. Charles residents have come forward since Sept. 16, claiming they were victims of debit card fraud involving area Aldi stores, according to St. Charles police.”
PCI Council: P2PE simplifies PCI DSS compliance– www.scmagazineus.com – 9/23/10 – “The group responsible for managing payment security rules plans to release two new guidance documents early next month assessing the impact of emerging data security technologies on payment card security.”
RSA Web Seminar: Understanding and Selecting a Tokenization Solution – rsa-email.rsa.com – 9/23/10 – “Government regulations and internal policies drive your need to protect information wherever it lives and travels. Get the facts on new data and application protection technologies you can turn to during this seminar series and Q&A featuring Derek Brink, Vice President and Research Fellow at Aberdeen Group, and Rich Mogull, Analyst/CEO, Securosis.com.”
Minor Changes Urged for Data Breach Bill– www.govinfosecurity.com – 9/22/10 – “Witnesses testifying Wednesday on a data breach bill called on senators to exempt industries from notifying individuals whose personal information is exposed if other laws require such alerts. ”
UPDATE: Eau Claire Police release photos in attempted ATM fraud– www.wqow.com – 9/22/10 – “Eau Claire Police investigators are looking for the individuals in the attached photos regarding their investigation of a card skimmer device left at the US Bank ATM on Golf Rd on Saturday, 9/18/2010. ”
Police looking for ATM scam suspects – www.leadertelegram.com – 9/22/10 – “Eau Claire police investigators are looking for the individuals in the attached photos regarding their investigation of a card skimmer device left at the US Bank ATM on Golf Road Saturday.”
Reimbursed Consumers not Entitled to Damages in Hannaford Breach, Court Rules– www.mpbn.net – 9/22/10 – “The Maine Supreme Court has ruled that reimbursed consumers who had to spend time and effort to straighten out their accounts after the massive Hannaford data breach are not entitled to damages.”
White Paper: International retailer curtails security breach with Verizon– www.computerweekly.com – 9/22/10 – “A leading international retailer has used Verizon Cybertrust Security Solutions to catch a major hacker of its data. In July 2007, a 1,000-store retail chain fell victim to a sophisticated security breach.”
Police Track Credit Card Thefts– www.ketv.com – 9/22/10 – “Lincoln police said someone who hacked into a national database may be responsible for helping identity thieves go on shopping sprees with credit card numbers.”
Ruling could end lawsuit over Hannaford data theft– www.pressherald.com – 9/22/10 – “A lawsuit filed against Hannaford Bros. Co. by customers over a security breach is expected to end.”
Nevada man charged in credit card fraud– www.upi.com – 9/21/10 – “A Nevada man is facing federal charges for the alleged production and use of counterfeit credit cards with codes skimmed from gas pumps, officials said.”
More Aldi customers see money missing from accounts– www.wishtv.com – 9/21/10 – “More victims of a debit card security breach affecting the Aldi supermarket chain are coming forward and they say their money is being stolen in California.”
Credit Card Theft Probe Yields Arrest– www.kcra.com – 9/21/10 – “Roseville police have arrested a man in connection with the largest credit card theft case they said they have seen.”
Visa Europe issues anti-skimming guidelines– www.finextra.com – 9/20/10 – “Visa Europe, Europe's leading payment system, today issued the latest addition to its security guidance series on system vulnerabilities. ”
Why the U.S. Must Adopt EMV– www.bankinfosecurity.com – 9/20/10 – “Richard Oliver is the first U.S. banking industry executive to publicly declare that a U.S. migration to the EMV payments standard is inevitable.”
Secret Service investigates Aldi security breach– www.wthr.com – 9/20/10 – “The Secret Service is investigating a security breach at a nationwide grocery chain after a Noblesville man learned his personal identification number might have been stolen as he swiped his debit card at the checkout.”
How Safe Is Your Swipe? Thinking Like Hackers, Programmers Find Security Loopholes in 'Secure' Microchips– www.sciencedaily.com – 9/20/10 – “Used in a variety of products from credit cards to satellite televisions, secure chips are designed to keep encoded data safe. But hackers continue to develop methods to crack the chips' security codes and access the information within.”
Connecticut department issues new data breach rules– www.e-wisdom.com – 9/121/10 – “Life insurance providers in Connecticut, along with other businesses in the state, now have to comply with new regulations regarding data breaches.”
State tries to crack down on credit card 'skimmers'– campverdebugleonline.com – 9/15/10 – “State officials are trying to crack down on "skimmers' that steal information off of consumers' credit and debit cards.”
Hundreds fall victim to ID theft scam– abclocal.go.com – 9/19/10 – “More victims have come forward regarding a case of debit card fraud in northwest suburban Wheeling.”
Petrol bunk employee among 13 held for skimming– timesofindia.indiatimes.com – 9/18/10 – “It seems a hotel waiter, a petrol filling station employee, or a mall employee could be part of a credit card skimming racket. In Chennai, it was a petrol bunk employee.”
City cops bust fake credit card racket – expressbuzz.com – 9/18/10 – “The Malaysian nexus to the fake credit card racket flourishing in leading metros through gangs operating from Chennai emerged in sharper contours after Central Crime Branch sleuths busted a major five-member network in the city on September 12.”
Irvine man to serve 1 year– www.dailypilot.com – 9/18/10 – “He and accomplice in forgery ring used stolen Discover Card information to get cash from 33 Orange County locations.”
Data breaches remain high– philadelphia.bizjournals.com – 9/17/10 – “The number of reported data breaches have skyrocketed since numerous states, including Pennsylvania and New Jersey, adopted new data breach notification laws in 2005 and 2006.”
Anthem Blue Cross is sued over data security breach– www.latimes.com – 9/17/10 – “Insurance applicant Patrick Magorien seeks class action status on behalf of consumers whose personal data were compromised.”
Aldi a focus of debit card theft probe– www.chicagobreakingnews.com – 9/17/10 – “A national grocery chain with several locations around Chicagoland is working with police who are investigating an unusually large number of unauthorized debit card withdrawals reported in Wheeling and Buffalo Grove.”
Man gets prison for Discover card fraud– www.ocregister.com – 9/17/10 – “A Northridge man serving a prison sentence for credit card fraud in Los Angeles County pleaded guilty Friday in Orange County Superior Court to illegally accessing account information with the intent to defraud 50 Discover Card account holders.”
53 Accused of ID Fraud – online.wsj.com – 9/17/10 – “The Department of Justice on Thursday accused 53 people in New Jersey of selling identity documents that were allegedly used to commit acts of fraud, including opening lines of credit.”
Cache of stolen FTP credentials discovered – www.securecomputing.net.au – 9/17/10 – “Security researchers recently stumbled upon a malicious website that housed a cache of stolen FTP credentials. ”
Number of Victims Jumps as Secret Service Joins Debit Theft Case– www.nbcchicago.com – 9/16/10 – “Nearly 200 cases of dwindling bank accounts reported to authorities in Wheeling, Buffalo Grove and Harwood Heights.”
Credit card fraud traced to Roseville restaurant– sacramento.bizjournals.com – 9/16/10 – “Roseville police and federal agents are investigating a data breach of credit card information at the Roseville location of Paul Martin’s American Bistro, according to a Roseville Police press release.”
Debit Card Skimmer Found On Train Ticket Dispenser– www.consumerist.com – 9/15/10 – “Be careful, travelers, skimmers aren't just for ATMs. Here's one a Dutch guy found on a local train ticket machine. This is even a little bit more insidious than an ATM skimmer because busy passengers are even less likely to hide their PIN or notice a skimming device before rushing to their next train.”
Connecticut Mandates Fast Breach Notification– www.healthdatamanagement.com – 9/15/10 – “A recent directive from the Connecticut Insurance Department requires all regulated entities in the state to notify the department of "any information security incident" within five calendar days of the incident being identified. The bulletin makes clear that the department intends to play an active role in resolution of data breaches in Connecticut.”
State tries to crack down on credit card 'skimmers'– campverdebugleonline.com – 9/15/10 – “State officials are trying to crack down on "skimmers' that steal information off of consumers' credit and debit cards.”
So Many Logs, So Little Time– storefrontbacktalk.com – 9/15/10 – “PCI’s logging requirements present a particular challenge for retailers, especially those with multiple store locations. How does a retailer with a large number—even thousands—of remote devices efficiently log, harvest those logs and review them daily? Reaching for a vendor suite right away may sound easy, but that is only the beginning of an answer.”
The new wave of cyber-crime facing retailers– www.lexology.com – 9/15/10 – “Retailers are under attack from a new wave of low-tech, high-tech criminals.”
Man accused of rigging Chase ATMs– www.lohud.com – 9/14/10 – “A Romanian immigrant is accused of setting up surveillance cameras and card skimmers at automated teller machines in Greenburgh and Rye Brook to steal bank account information from customers at JPMorgan Chase branches.”
Roseville cops warn restaurant guests as city credit card fraud booms – www.news10.net – 9/13/10 – “Roseville police are warning of an unusual number of recent credit card fraud reports. Roseville Police Department spokeswoman Dee Dee Gunther said the commonality in many cases seems to be the victims dined at Roseville restaurants that use the same third-party credit-processing service. ”
Hackers Target Roseville Eateries For Credit Card Information– www.kcra.com. – 9/13/10 – “Roseville police are warning people eating out in Roseville to avoid using their debit cards and to pay with cash or use credit cards.”
Deadline approaching in Canada for Chip and PIN– www.atmmarketplace.com – 9/13/10 – “Visa Canada recently reminded merchants they are approaching an important milestone as the country moves to EMV, or Chip and PIN.”
Lessons to be Learned from Data Breaches Seminar– www.mastercard.com – 9/13/10 – “This 1-day course describes the latest developments in data security, the common payment industry initiatives and provides details on the MasterCard Site Data Protection program, its requirements and compliance tools.”
PCI update could mean clarity or confusion– searchsecurity.techtarget.com – 9/10/10 – “PCI DSS has become one of the most controversial standards on the books. Many argue that PCI DSS has made great inroads in improving credit card security. Others contend the standard is a distraction from true security, and that the effort is too prescriptive, confusing, and artificially sets the bar for security and compliance too low.”
Skimming Reported at Cathedral Heights SunTrust ATM– www.dcist.com – 9/10/10 – “All Life is Local points us to reports of an ATM skimming operation at a SunTrust machine located at 3440 Wisconsin Avenue NW in Cathedral Heights.”
The Fed Gets Involved with EMV– www.americanbanker.com – 9/10/10 – “If the U.S. government mandated the switch to digital T.V., why can't it mandate that credit and debit card issuers switch from magnetic stripe cards to chip-based payment cards that require a personal identification number for additional security? ”
Visa Canada's Migration to Chip Cards: Upcoming Milestone– www.tradingmarkets.com – 9/10/10 – “With Canada's migration to EMV chip card technology successfully underway, Visa cardholders are currently experiencing the benefits of Chip & PIN (personal identification number) innovation. ”
Staying One Step Ahead – www.spva.org – 9/9/10 – “As I was reading the latest issue of The Green Sheet, two articles caught my eye. “Fraud trends in 2010” and “Skimmers shifting from ATMs to gas pumps.” To briefly summarize: despite the industry’s attempts to secure cardholder data, fraud is as prevalent today as it was yesterday. And not surprisingly, thieves can adapt just as easily as we can.”
Canada shows how EMV migration can impact fraud– www.finextra.com – 9/9/10 – “The voices calling for the U.S. to migrate to EMV have been growing louder over the past few months with Walmart, T-Mobile and even the Federal Reserve calling for or discussing the move. ”
HEI Hotels & Resorts Discloses Security Breach– www.esecurityplanet.com – 9/9/10 – “HEI Hotels & Resorts has stated that a security breach may have compromised customer data related to transactions between March 25 and April 17, 2010.”
Hotel operator warns of data breach– www.computerworld.com – 9/9/10 – “Attacks on point of sale systems at several upscale hotel and resort properties may have exposed card data on 3,400 customers ”
ATM "skimmers" scam ring hitting Charlotte area hard– www.wbtv.com – 9/9/10 – “Authorities say a sophisticated ring of scam artists based in Florida is targeting the Charlotte area, stealing local victims' ATM numbers along with thousands of dollars from their accounts.”
Best methods for navigating the POS security standard minefield– www.zdnet.com – 9/9/10 – “As one might expect, there is no shortage of security standards when it comes to protecting the payment transaction lifecycle. As the old joke goes, “the great thing about standards is that there are so many to choose from.””
ATM Card 'Skimmer' Found in Marion– www.kcrg.com – 9/7/10 – “Marion Police are looking into the discovery of an ATM “skimmer” that was found at a local bank. ”
WEBINAR: What is PCI Compliance Really Costing You? – www.digitaltransactions.net – 9/7/10 – “Manage payment data on premises? Or have it hosted externally? Tokenization? End-to-end encryption? These are all hot topics in the world of PCI. If you’ve ever been asked to explore the costs of adopting these payment security approaches, this webinar is for you. ”
Frequently asked questions on PCI DSS in its key month– www.scmagazineuk.com – 9/7/10 – “September is a big month for the Payment Card Industry Data Security Standard (PCI DSS), with the new regulations introduced. As detailed by SC Magazine in August, the new requirements will officially be introduced from January 2011, while the old standard will ‘sunset' at the end of December 2011.”
Limo card skimmer targets Aussies in New York– www.heraldsun.com.au – 9/7/10 – “TWO Australian women on holiday in the US have fallen victim to a fake New York limousine driver who used a skimming device to empty a pre-paid credit card.”
First persons charged under Cyber Crimes Act– www.jamaicaobserver.com – 9/6/10 – “TWO men have became the first persons in Jamaica to be arrested and charged under the Cyber Crimes Act. The men were charged Friday last following an investigation which started on Saturday, August 28. ”
Debit card skimming on island?– www.saltspringcommunity.com – 9/3/10 – “I had a customer complain that their Debit card was skimmed on the island this last weekend. Has this happened to anyone else on island?”
Asia Just Does Not Get PCI– wwwwww.allvoices.com - 9/3/10 – “Why are hackers in China and other Asian countries are trying to hack banks and merchants when there is a wealth of credit card data on every credit card receipt generated there.”
ISOs, Acquirers At Ease Crafting PCI Compliance Plans– www.paymentssource.com – 9/1/10 – “Only acquiring banks and the largest ISOs have to file formal written plans with the card brands to explain how they intend to bring the nation’s 5 million small retailers, restaurateurs and other mom-and-pop businesses into compliance with Payment Card Industry data security standards.”
US scammer bought, resold nearly 27,000 credit card numbers– www.google.com – 9/1/10 – “A US man pleaded guilty Wednesday to fraudulently obtaining nearly 27,000 credit card numbers and selling them on to other scammers, who used them to make purchases.”
Financial Crimes Spike in Leon County – www.wctv.tv – 9/3/10 – “A huge spike in credit and debit card fraud reports puts Tallahassee investigators on high alert .. Now- deputies say they have pin pointed a location where many of those cards may have been compromised. ”
U.S. sues former execs of failed credit union WesCorp, alleging fraud– www.latimes.com – 9/2/10 – “Robert Siravo and Thomas Swedberg are accused of adding millions of dollars to retirement payouts for themselves and other top brass. They and 14 others are also accused of breach of duty.”
Webinar - PCI: Lessons to be Learned from Data Breaches – www.eiseverywhere.com – 9/1/10 – “This 1-day course describes the latest developments in data security, the common payment industry initiatives and provides details on the MasterCard Site Data Protection program, its requirements and compliance tools. ”
The Fed Gets Involved with EMV– www.americanbanker.com – 9/1/10 – “If the U.S. government mandated the switch to digital T.V., why can't it mandate that credit and debit card issuers switch from magnetic stripe cards to chip-based payment cards that require a personal identification number for additional security? Richard Oliver, evp of the Federal Reserve Bank of Atlanta's Retail Payments Forum, posed that question recently and argued that the growing security vulnerabilities posed by magnetic stripes may warrant policy action by the government.”
Secret Service seeks suspects in 'skimming'– charlotteobserver.com – 9/1/10 – “ The Secret Service is trying to locate two people suspected of "skimming" credit and debit cards in the Charlotte area.”
UPDATE 1-Heartland Payment, Discover settle data breach claims– www.reuters.com – 9/1/10 – “Credit and debit card processor Heartland Payment Systems (HPY.N) agreed to pay $5 million to Discover Financial Services (DFS.N) to settle data security breach claims and said this was the final agreement with a card brand related to a cyber theft in its systems in 2008.”

August 2010

Man accused of using skimming device at ATM in Rye Brook– www.lohud.com– 8/31/10 – “A Queens man faces a felony charge after being accused of placing a credit and debit card skimming device in an ATM at Chase Bank in the Rye Ridge Shopping Center, police said. Razvan Apostol, 31, of 4750 41st St. was arrested Friday by Rye Brook police with the assistance of the U.S. Secret Service and JPMorgan Chase corporate security, police said.”
Serious Texas suffers card fraud– durangoherald.com – 8/31/10 – “Several hundred customers at Serious Texas Bar-B-Q were subject to debit-card fraud or attempted fraud earlier this year in Durango, police said.
Debit card skimming compromises hundreds of area bank accounts – www.nantonnews.com – 8/31/10 – “Hundreds of bank account holders in the Nanton area have been getting the bad news this week from their banks — their debit cards have been skimmed and their accounts emptied. The scam hit over the Aug. 21-22 weekend, with accounts accessed from an automated teller machine in Edmonton.”
ATM Skimming Device Found In North Naples – www.colliersheriff.org – 8/31/10 – “The Collier County Sheriff’s Office is cautioning people to be vigilant after a card skimming device was discovered at an automated teller machine at a North Naples bank over the weekend. ”
Skimming device found on North Naples ATM– www.nbc-2.com – 8/31/10 – “Someone attached a skimming device to a North Naples bank ATM over the weekend, according to deputies.A customer found the device around 9 a.m. Sunday.”
Skimming: A 2010 Timeline– www.bankinfosecurity.com – 8/30/10 – “The reports of skimming and payment card fraud in this list are taken from the Identity Theft Research Center's data breach list and ISMG's BankInfoSecurity.com coverage. So far in 2010, 45 skimming and payment fraud incidents have occurred in the United States. What follows are the reported skimming events and card fraud incidents and how the businesses or financial institutions were attacked.”
Skimming: Old Crime, New Tools– www.bankinfosecurity.com – 8/30/10 – “The names haven't changed, but the sophistication of the technology has. In nearly 30 years of payment card fraud, the types of attacks -- skimming at ATMs and point-of-sale terminals, theft of account numbers from data centers, as well as social engineering -- "have all been around since the 1980s," says Tom Wills, security and fraud senior analyst at Javelin Strategy & Research.”
Rye Brook Police Arrest Man for Tampering with ATM at Rye Ridge Shopping Center– rye.patch.com – 8/30/10 – “Rye Brook Police have arrested a Queens man for placing a credit and debit card skimming device at an ATM machine in Rye Brook in an apparent attempt to steal personal account information.”
Debit card skimmer caught in Saskatoon– video.aol.ca – 8/30/10 – “Saskatoon police have charged one man over a debit card skimming operation.”
Suspect in credit card skimmer case brought to Gainesville– www.gainesville.com – 8/27/10 – “A man accused illegally using information gathered by credit card skimmers at local gas stations has been booked into the Alachua County jail.”
U.S. banks lobby Fed on debit card fee limits– www.reuters.com – 8/26/10 – “The Federal Reserve has begun taking the first steps to crack down on debit-card transaction fees, with the battle between merchants and banks moving from the legislative to the regulatory arena.”
Card skimmers found at Alberta mega-mall– www.securityinfowatch.com – 8/23/10 – “A suspected bank card skimming operation has been uncovered at the CrossIron Mills mega-mall near Balzac, north of Calgary, police said Friday. Bank security experts alerted RCMP commercial crime detectives after they found that two payment PIN pads at two retailers had been compromised. Mall officials said police advised them not to name the stores involved.”
Calgarians spot two ATM skimming devices at TD Banks– www.calgaryherald.com – 8/16/10 – “Eagle-eyed citizens are being praised for spotting two skimming devices on bank teller machines as police say they expect to see more ATM fraud incidents in the city this year.”

Durbin Down Under– www.pymnts.com – 8/27/10 – “As financial institutions grapple with the impending regulation of debit card interchange fees it is worth taking a look at what happened in Australia. The Reserve Bank of Australia (RBA) announced is final reforms to regulate credit-card interchange fees in 2002 after a three year process.”
Bulgarian man charged for ATM card skimmer scam– www.morningjournal.com – 8/27/10 – “A Bulgarian man, accused of installing an ATM card skimmer at a North Ridgeville Charter One bank, was indicted yesterday for safecracking and possession of criminal tools by the Lorain County grand jury.”
Police catch suspected ‘skimmer scammer' – www.alligator.org – 8/26/10 – “A man was arrested in connection to a credit card-skimming scam, which recorded credit card information from customers at at least four Alachua County gas stations.”
California Eyes Stronger Privacy Law– www.bankinfosecurity.com – 8/25/10 – “The California state legislature has passed a stronger data breach notification bill that could mean increased consumer privacy protection for residents -- if Gov. Arnold Schwarzenegger signs it into law. ”
STAR® Network Unveils STAR CertiFlash – www.businesswire.com – 8/25/10 – “The STAR Network today introduced STAR CertiFlash, a new PIN debit application that advances point-of-sale (POS) security using one-time card number technology. ”
Visa Provides Guidance on Secure Implementation and Management of Payment Applications– www.prnewswire.com – 8/24/10 – “Visa Inc. today announced global industry best practices for payment application vendors, integrators and resellers that implement, install or manage payment-related systems on behalf of merchants.”
U.S. v. MAYANS– www.leagle.com – 8/24/10 – “Jorge Mayans pled guilty to possession of device-making equipment with intent to defraud in violation of 18 U.S.C. § 1029 (a)(4). Mayans appeals his sentence of 30 months' imprisonment arguing that the district court improperly applied a two-level increase for Mayans' role as a leader or organizer of the crime under U.S.S.G. § 3B1.1(c).”
Police pull PIN pad camera– www.abbotsfordtimes.com – 8/24/10 – “Abbotsford police have seized an ATM from a financial institution on Sumas Way after an Abbotsford resident discovered a small plastic container just above the PIN pad.”
Transit police crack spa gift certificate fraud scheme– www.royalcityrecord.com – 8/24/10 – “Transit police arrested a man on Aug. 17 at the New Westminster_Braid SkyTrain station who they believe is a suspect in an ongoing investigation related to the sale of fraudulent Spa Utopia treatment packages.”
A proposed federal data security law… one more time!– www.wistechnology.com – 8/24/10 – “Over the past month, two different bills have been proposed in Congress to address federal data security requirements. The most comprehensive of the two, and the one garnering the most attention is S. 3742, referred to as the “Data Security and Breach Notification Act of 2010.” ”

ATM thief must repay stolen cash, judge says– www.ottawacitizen.com – 8/24/10 – “A Romanian refugee from Montreal who stole $36,000 using bank cards cloned from Ottawa ATMs was sentenced Tuesday to 12 months in jail and ordered to repay the stolen money.”
FSA fines Zurich record £2.2 million for data breach– citywire.co.uk – 8/24/10 – “The Financial Services Authority has fined Zurich Insurance £2.27 million for the loss of computer back-up tapes containing the details of 46,000 policy holders.”
Accused bank card fraudster in more trouble – thechronicleherald.ca – 8/21/10 – “An Ontario man accused of skimming information off customers’ cards at banking machines in Halifax has drawn the attention of investigators in other parts of the country.”
Police urge caution after skim sites discovered at ATM machines– www.theprovince.com – 8/20/10 – “Abbotsford police are warning people to be cautious about anything unusual at their ATM machines after an alert customer found a pinhole camera Monday morning on an automated banking machine in the 2100-block Sumas Way.”
Proliferating smart-phone terminals: Friend or foe to payment pros?– www.greensheet.com – 8/20/10 – “new report from Mercator Advisory Group predicts mobile phone-based card acceptance is going to skyrocket in the coming years. According to George Peabody, the report's author and Director of Mercator Advisory Group's Emerging Technologies Advisory Service, over 1.4 million smart phone-based payment terminals will be in use by 2014. ”
PCI SSC summarizes upcoming changes to standards– www.greensheet.com – 8/19/10 – “I n advance of the October 2010 release of the updated security standards that govern how merchants and payments businesses safeguard sensitive cardholder data, the PCI Security Standard Council (PCI SSC) disclosed a summary of changes it intends to make to the standards. ”
Credit card skimmers may be part of international scam– www.gainesville.com – 8/19/10 – “The rash of credit card fraud cases connected to skimmers on area gas pumps appears to be part of an international scam, according to the National Association of Convenience Stores and the Alachua County Sheriff's Office.”
Too Much Encrypt = Cyberthief Gift– storefrontbacktalk.com – 8/19/10 – “Encrypt every part of your payment data and you may be giving your least favorite cyberthief a beautifully wrapped gift. That’s the secret dare not spoken aloud in security circles, and it was hinted at—albeit obliquely—by the PCI Council in its latest update.”
Heartland Self-Inflicts More Data Breach Injuries– storefrontbacktalk.com – 8/19/10 – “Heartland Payment Systems again finds itself in the glaring light of a data breach probe, but this time, the injuries are almost entirely self-inflicted. The incident in question is the Austin, Texas, data breach of several hundred payment cards from a four-location Greek cafeteria—which one Austin detective said crafts a terrific baklava—that happens to use Heartland as its processor.”
PCI New Rules: Reading The Tea Leaves– storefrontbacktalk.com – 8/19/10 – “When the PCI Council periodically sends out sanctioned teases about an upcoming version, the fun part is the tea-leaf-like reading of its deliberately vague hints. And the Council has offered us quite a bunch to choose from, including “expanded definition of systems components to include virtual components,” “recognize that issuers have a legitimate business need to store sensitive authentication data” and the especially intriguing “update requirement to allow business justification for copy, move and storage of CHD during remote access.”
The Dumbest Wireless Security Errors– storefrontbacktalk.com – 8/19/10 – “For years, chief security officers have viewed wireless security as a contradiction-in-terms punchline. But with PCI rules clamping down and cyberthieves sniffing around for whatever holes they can find, wireless security has stopped being funny. Still, either through ignorance or carelessness, many retailers have been caught doing some pretty ridiculous things when deploying wireless security.”
Fraud protection – www.halifaxnewsnet.ca – 8/19/10 – “The recent arrest of an Ontario man in Halifax charged with various fraud related offences drives home the need to protect your personal financial information. The Halifax Regional Police/RCMP Integrated Financial Crime Unit charged 22-year-old Volodymyr Zozulya with fraud over $5,000, possession of credit card data, using credit card data, possessing a device intended to forge credit cards, intercepting a function of a computer system and possessing a computer password that enables him to commit the offence of fraud.”
Jered R. J. Lerat gets conditional sentence for skimming credit cards– www.leaderpost.com – 8/19/10 – “A former Regina gas station employee will face a six-month conditional sentence for his role as a "front man" in a credit card skimming operation.”
Counterfeit pin reader, card skimmer found in North Bay – www.saultstar.com – 8/19/10 – “A counterfeit pin reader and card skimmer attached to an ATM machine was discovered at a North Bay bank at 8:30 a.m. Tuesday. A spokesman for the North Bay Police Service would not say at which bank the device was discovered.”
Cops nab city cash machines skimmer– www.highland-news.co.uk – 8/19/10 – “A ROMANIAN man obtained the bank details of 45 Inverness customers after fixing card-reading devices to two busy cash machines in Inverness.”
ATM users beware – www.nugget.ca – 8/18/10 – “A counterfeit pin reader and card skimmer attached to an ATM machine was discovered at a North Bay bank at 8:30 a.m. Tuesday. A spokesman for the North Bay Police Service would not say at which bank the device was discovered.”
Fraud Woes Prompt Bank to Forgo Signature Debit Revenue– www.americanbanker.com – 8/19/10 – “Bonneville Bancorp is taking an unusually drastic — and seemingly counterintuitive — approach to fighting fraud. To make sure its customers use their PIN codes, shoring up security for debit purchases, it is prohibiting signature debit payments in some states.”
Skimmer found on local bank ATM– www.baytoday.ca – 8/18/10 – “A counterfeit pin reader and card skimmer were found attached to an ATM at a local bank. This device was disguised to look like the original card slot. The device appears to be the type that requires the culprit to return to retrieve the information. ”
Business Case for Data Protection: A Study of CEOs and Other C-Level Executives in the UK, March 2010– www.ponemon.org – 8/18/10 – “This research, sponsored by IBM, explores what senior executives believe to be the value proposition of data protection in their organisations. This is a companion study to the Business Case for Data Protection: A Study of CEOs and C-Level Executives in the US.”
2010 Global Cost of a Data Breach, April 2010– www.ponemon.org – 8/18/10 – “For the first time Ponemon Institute published the findings from our Cost of Data Breach studies conducted in the US, UK, France, Germany and Australia.”
Just 5% High Street Retailers Are PCI Compliant– www.businesscomputingworld.co.uk – 8/17/10 – “Despite pressure mounting to comply with Payment Card Industry Data Security Standard (PCI DSS) requirements, online-only retailers are leaving their high street competitors behind in the race to meet the standard.”
Cracking Down on ID Theft– www.bankinfosecurity.com – 8/17/10 – “The trial and conviction of Albert Gonzalez, the mastermind behind the TJX and Heartland data breaches, represented the largest hacking and identity theft case ever prosecuted by the Department of Justice. Since that case, the courts have stiffened their penalties for those convicted of such crimes.”
More identity thieves using card skimmers– www.sfgate.com. – 8/17/10 – “During a routine maintenance check in late February a 7-Eleven employee in Martinez found something that didn't belong inside one of his gas pumps: a debit and credit card skimmer.”
New PCI requirements look at cloud-hosting and log management– www.securecomputing.net.au – 8/17/10 – “A reinforcement of the need for a thorough scoping exercise, support for centralised logging, and validation of a risk-based approach are among the requirements in the revised PCI standards.”
More identity thieves using card skimmers– www.sfgate.com – 8/17/10 – “During a routine maintenance check in late February a 7-Eleven employee in Martinez found something that didn't belong inside one of his gas pumps: a debit and credit card skimmer.”
Dollar edges lower as US data, earnings positive– www.sfgate.com – 8/17/10 – “Some positive U.S. economic data seemed to support the idea of a recovering economy Tuesday, weighing on the dollar and other safe haven assets.”
How to Outsmart Hospitality Hackers – www.verticalsystemsreseller.com – 8/17/10 – “According to the 2010 Global Security Report, hospitality breaches accounted for a whopping 38% of all breaches investigated by TrustWave SpiderLabs, and can be attributed to attacks on the systems responsible for the processing or transmission of payment card data.”
41 Banking Breaches So far in 2010– www.bankinfosecurity.com – 8/16/10 – “There have been 41 data breaches involving financial institutions so far in 2010 - well on the way to surpassing the 62 such incidents in all of 2009. ”
PCI Update Gets Mixed Reviews– www.bankinfosecurity.com – 8/16/10 – “Glaringly lacking, or a positive first step? Both terms have been used to describe the newly-released summary of proposed changes to the Payment Card Industry Data Security Standard. ”
Calgarians spot two ATM skimming devices at TD Banks– www.vancouversun.com – 8/16/10 – “Eagle-eyed citizens are being praised for spotting two skimming devices on bank teller machines as police say they expect to see more ATM fraud incidents in the city this year.”
Oregon Gift Card Cloner Pleads Guilty– storefrontbacktalk.com – 8/16/10 – “An Oregon man pleaded guilty earlier this month to cloning gift cards for Abercrombie & Fitch, American Eagle, Apple, Best Buy, Macy’s, Kroger and Spencer Gifts. The a crime was solved when Kroger fraud investigators noticed card balances being checked online hundreds of times a day.”
Idaho First Hit by Robo-Scam – www.boiseweekly.com – 8/16/10 – “An Idaho bank is warning its customers of a scam hitting a good many of its customers. Officials with Idaho First Bank, headquartered in McCall, are alerting their customers that a pre-recorded message sent out on Sunday was fraudulent.”
Yet Another Proposed Federal Data Security and Breach Notification Bill: Senators Rockefeller and Pryor Jump Into the Fray– www.infolawgroup.com – 8/16/10 – “Many of us have watched over the past few years as dozens of proposed federal data security and breach notification bills have been introduced, often with bipartisan support, but have failed to become law. ”
Merchants Leading Cause of CU Card Fraud – www.cutimes.com – 8/16/10 – “Credit unions responding to NAFCU's monthly Flash survey reported that merchants were the leading source of credit and debit card fraud attempts.”
Bank ATM’s Converted to Steal IDs of Bank Customers– ukzambians.co.uk – 8/16/10 – “A team of organized criminals are installing equipment on legitimate bank ATM’s in at least 2 regions to steal both the ATM card number and the PIN. The team sits nearby in a car receiving the information transmitted wirelessly over weekends and evenings from equipment they install on the front of the ATM.”
Skimming devices found at TD branches– www.660news.com – 8/16/10 – “Two debit card skimming devices have been found at TD branches in our city but police can't say how long they were in place before being discovered.”
ID breaches more common than ever– www.ajc.com – 8/14/10 – “Our personal information, from addresses to Social Security numbers, is leaked — by hackers and by mistake — more often than we know. ”
Anthem security breach, payday fraud may be linked – www.cleveland.com – 8/14/10 – “At least two Ohioans affected by a security breach at Anthem Blue Cross Blue Shield suspect payday loans were fraudulently taken out in their names. ”
'Skimming' device found at Flagler gas station – www.news-journalonline.com – 8/14/10 – “A "skimming" device was found at a gas station on State Road 100, and the Flagler County Sheriff's Office is recommending a pay-inside plan to protect drivers' debit and credit cards. ”
CrossIron Mills to "re-educate" retailers on debit machines – www.am770chqr.com – 8/13/10 – “No arrests or charges have been laid as RCMP continue to probe the discovery of four debit card skimming devices in the CrossIron Mills mall. General Manager James Moller maintains banking security is still strong and all precautions are being made to make sure something similar doesn't happen again.”
Changes to PCI Data Security Standard leave questions unanswered– www.computerworld.com – 8/13/10 – “A new version of the PCI Data Security Standard scheduled for release later this year is likely to attract more attention for what it leaves unaddressed rather than what it changes, analysts say.”
Keypad skimming scam uncovered at CrossIron Mills mall– www.calgaryherald.com – 8/13/10 – “An investigation by the RCMP has uncovered a skimming operation that targeted shoppers at the CrossIron Mills mall north of Calgary. Bank security specialists contacted the RCMP on Tuesday, leading investigators to examine keypads at two stores.”
Arrested seller of card data to be extradited to U.S.– www.scmagazineus.com – 8/12/10 – “A Russian man believed to be one of the most prolific sellers of stolen credit card data was arrested over the weekend in France, U.S. Department of Justice (DoJ) announced this week. ”
Beaverton man steals thousands from stores by cloning gift cards– www.oregonlive.com – 8/11/10 – “Sealtiel Chacon Zepeda was standing at a Fred Meyer sales register spending a gift card when curiosity struck. He wondered how gift cards worked, how the little magnetic strip on the back of them turned cash into store credit and how easily he could reproduce the information stored on the card. ”
How Many POS Security Documents Does One Need?– www.finextra.com – 8/11/10 – “As the old joke goes, “the great thing about standards is that there are so many to choose from.” This certainly seems to be the case with point-of-sale (POS) devices, where there are now a number of overlapping initiatives aimed at improving payment card security. While this may seem to be unnecessarily redundant, it is important that POS vendors, retailers/merchants and financial services organisations understand how each of these initiatives relate to one another and how they can help keep sensitive information safe.”
Suspect in $9 Million RBS WorldPay Hack Extradited to U.S.– www.wired.com – 8/9/10 – “One of the alleged ringleaders behind the 2008 hack of RBS WorldPay has been extradited to the U.S., where he was arraigned Friday in the Northern District of Georgia on charges that he helped coordinate the global $9.5 million bank card heist.”
Fraud Spree Hits Texas Town– www.bankinfosecurity.com – 8/6/10 – “Another rural town in Texas has been caught up in the ongoing payment card crime spree that's striking restaurants and retailers nationwide. ”
Rockefeller, Pryor introduce federal data security law– www.scmagazineus.com – 8/6/10 – “Two senators on Thursday introduced a national data breach notification bill that also would force businesses to create measures to protect sensitive information under their control, according to a news report.”
First smartphone trojan detected– www.securecomputing.net.au – 8/13/10 – “Warnings have been made of the first malicious program to be classified as a Trojan-SMS for smartphones.”
US to prosecute Moscow card trader– www.securecomputing.net.au/ – 8/31/10 – “Ukraine and Israel national Vladislav Anatolievich Horohorin faced US prosecution over his role in a major stolen credit card trading website.”
PCI Council Tweaks Rules to Clarify Issues Like Scope of Assessment– www.digitaltransactions.net – 8/12/10 – “The PCI Security Standards Council on Thursday gave a sneak peek at planned changes in the Payment Card Industry data-security standard, or PCI. While a Council document outlines 15 planned changes, the proposals are “relatively minor,” according to a news release. ”
Revisions to credit card security standard on the way – www.networkworld.com – 8/12/10 – “It's going to be called the Payment Card Industry Data Security Standard 2.0, and the full-blown text of this upcoming standard that governs how businesses must guard sensitive cardholder information on their networks will be out at the beginning of September, according to the organization in charge of it.”
Credit Card Skimmer Sought in SB– www.myfox11.com – 8/12/10 – “The Santa Barbara Police Department is on the look-out for a suspected credit card skimmer. Credit card skimming involves a suspect placing a device over a credit card reader on an ATM or a credit card reader on a gas pump. ”
Tino's co-owner talks about credit, debit card breach – www.kvue.com – 8/12/10 – “The co-owner of Tino's restaurant, Jeff Nouri, spoke to KVUE at his North Austin restaurant. He says credit cards at all Tino's restaurants are now processed through a phone line rather a computer which sent those transactions over the Internet.”
Heartland denies systems involved in new data breach– www.computerworld.com – 8/12/10 – “Heartland Payment Systems, which last year suffered the largest ever data breach involving payment card data, is downplaying reports out of Austin, Texas linking the payment processor to a data breach at a local restaurant chain. ”
PCI Council Tweaks Rules to Clarify Issues Like Scope of Assessment– www.digitaltransactions.net – 8/12/10 – “The PCI Security Standards Council on Thursday gave a sneak peek at planned changes in the Payment Card Industry data-security standard, or PCI. While a Council document outlines 15 planned changes, the proposals are “relatively minor,” according to a news release. ”
Fraudsters steal more than $2 million in six months – www.tribune242.com – 8/12/10 – “DEVIOUS fraudsters and their increasingly creative ways of stealing your money were exposed by police yesterday as innocent people were warned how to protect their assets.”
Police: Breach affecting credit card users at restaurant chain– www.statesman.com – 8/12/10 – “A security breach for credit and debit card purchases at a local restaurant chain is causing headaches for some Austinites, police say. ”
Fraud Cases On The Rise– www.jonesbahamas.com – 8/12/10 – “There has been a considerable rise in the number of fraud cases, according to police. In fact, in the last six months unsuspecting Bahamians have been swindled out of more than $200,000 in four new scams.”
Massive credit card fraud ring suspected in Abbotsford– www.vancouversun.com – 8/11/10 – “Abbotsford Police suspect a fraud ring is operating in the Fraser Valley city, after collecting 20,000 credit cards and card-making equipment in three separate incidents in the past three weeks.”
Tulsa sees surge in card fraud– www.tulsaworld.com – 8/10/10 – “Buyers beware: authorities say that there have been hundreds of debit and credit card fraud cases in the Tulsa area during the last few months. Thieves are likely using a variety of methods to steal card information, and it's not occurring at the bank level, said Elaine Dodd, vice president of the Fraud Division for the Oklahoma Bankers Association. ”
Merchants lose $89m in credit card fraud– www.dailytelegraph.com.au – 8/9/10 – “THE huge growth in the payment of goods or services over the internet, or by phone or mail, is responsible for the loss by merchants of about $89 million last year through fraud when credit cards used in a business transaction are not seen by the seller.”
Study Finds Financial Services Target of 33% of Data Breaches– www.banktech.com – 8/9/10 – “Financial services remains the industry most affected by security breaches, according to a report released today by Verizon and the U.S. Secret Service. A third (33%) of data breach cases and 94% of all compromised records were in financial services.”
Help Identify a Person of Interest in Skimming Fraud Cases– www.springsgov.com – 8/5/10 – “The Colorado Springs Police Department (CSPD) is requesting the community?s assistance in identifying this person of interest. This person is believed to be involved with local credit/debit card skimming activities currently affecting our community.”
Debit-card skimmers rob Vancity accounts– www.cbc.ca – 8/4/10 – “A major cash-skimming operation has been discovered at a Vancouver-based credit union.Officials say an undisclosed amount of cash has been lifted from accounts at Vancity by thieves who were able to steal debit card information and PIN numbers at an ATM or merchant terminal.”
QSA's View on PCI Compliance for Mail Orders – blogs.bankinfosecurity.com – 8/9/10 – “Despite the Payment Card Industry Security Standards Council's establishment of a Quality Assurance program "to promote consistent interpretation of the PCI standards and ensure [that] quality is maintained" ... the proverbial devil remains in the details. ”
Merchants lose $89m in credit card fraud– www.news.com.au – 8/9/10 – “THE huge growth in the payment of goods or services over the internet, or by phone or mail, is responsible for the loss by merchants of about $89 million last year through fraud when credit cards used in a business transaction are not seen by the seller.”
Estonian Extradited To U.S. In $9 Million Hacking Scheme– www.allheadlinenews.com – 8/7/10 – “An Estonian national has been extradited to the United States to face charges of hacking into a computer network operated by an Atlanta-based credit card processing company, that resulted in the theft of $9 million from more than 2,100 ATMs in at least 280 cities worldwide, U.S. officials said Friday.”
Minn. Cracks Down on Skimming– blogs.bankinfosecurity.com – 8/6/10 – “The Minnesota Legislature earlier this week made possession of a skimming device a felony. All I can say is: Way to go, Minnesota! This new law now makes even the possession of a skimming device or a re-encoder a punishable offense, meaning over one year imprisonment and up to a maximum fine specified by law. ”
Officials investigate ATM tampering at La Crescenta bank– latimesblogs.latimes.com – 8/6/10 – “Los Angeles County sheriff's detectives are investigating a potential security breach at a Chase bank where a credit card skimmer was found on an ATM.”
ATM tampered with at Chase bank– www.glendalenewspress.com – 8/6/10 – “Sheriff's detectives are investigating a security breach at a local Chase bank where alleged thieves placed a credit card skimmer on an ATM that may have allowed them to steal customer information.”
Cops probe card skimming scam at Alexandria cash machine – www.lennoxherald.co.uk – 8/6/10 – “COPS are probing the discovery of another suspected card skimming device in the area.”
ATM skimmer accused refused bail– www.goldcoast.com.au – 8/5/10 – “A ROMANIAN man alleged to have attached card skimming devices to ATM machines across the Gold Coast and Brisbane told police he was just a soldier working for much bigger players, a court has been told.”
Rash of Credit and Debit Card Skimming – www.kktv.com– 8/5/10 – “Colorado Springs police have released a photo of a man they say is a person of interest in a credit and debit card skimming case. A rash of crimes has left a trail of victims from Denver to Colorado Springs.”
PCI Level 1 Merchant Compliance Up Slightly– storefrontbacktalk.com – 8/4/10 – “The latest PCI-DSS compliance stats for the U.S. released by Visa on Monday (August 2) show a tiny increase in the compliance rate for Level 1 retailers since the last report, from 95 percent to 96 percent. The increase, though, may be a statistical anomaly: The number of merchants in that category dropped from 360–where it had been for the last two reports–down to 358.”
Vancity cardholders skimmed by unidentified suspects– www.vancouversun.com – 8/4/10 – “Vancity members are being warned to check their accounts for mysterious transactions or ATM withdrawals because someone has been skimming the credit union’s members’ cards.”
2 Arrested In Okla. Skimming Cases– www.koco.com – 8/4/10 – “Police said two people have been arrested in connection with a string of credit and debit card skimming cases in Oklahoma”
What’s in store for PCI DSS and Tokenization– blogs.gartner.com – 8/4/10 – “Tokenization is a very hot topic among Gartner clients who have to comply with PCI DSS. After all, by not storing electronic cardholder, ‘most’ enterprises are eligible for a greatly reduced set of PCI requirements as contained in SAQ (Self Assessment Questionnaire) A, B or C.”
ATM Security: Where are the Gaps?– www.bankinfosecurity.com – 8/4/10 – “If an ATM can be hacked effortlessly during a conference presentation, then how vulnerable to fraud are these devices when deployed by banking institutions and merchants? ”
New Fraud Spree Investigated– www.bankinfosecurity.com – 8/2/10 – “The arrests of two men in Florida on multiple identity theft charges represent "just the tip of the iceberg" in payment card crimes against merchants and consumers across the U.S., according to law enforcement officials. ”
Moving in the Right Direction: End-to-End Encryption Security Requirements– www.e3secure.com – 7/29/10 – “The industry is all abuzz about “end-to-end encryption” — but what does that really mean? A clear definition is required if we’re to fairly evaluate the various products claiming to employ this technology.”
The allure of end-to-end encryption – www.greensheet.com – 7/26/10 – “ cope reduction" should be a magical phrase to merchants, acquirers and ISOs because it refers to reducing the applicability of Payment Card Industry (PCI) Data Security Standard (DSS) controls. PCI compliance is no small matter, nor is it inexpensive.”
Delta Cafe Reports Possible Credit Fraud– www.countywidenews.com – 8/3/10 – “Dixie Restaurants, the owner of Delta Cafe, has learned of a potential breach of credit and debit card information at its Delta Café location in Shawnee.”
Credit and debit card skimming: Look out for fraudulent readers at gas stations– www.csoonline.com – 8/3/10 – “ An increasing number of gas stations around the country (and their patrons) are falling prey to a skimming scam crooks are pulling to steal credit and debit card numbers. ”
New Fraud Spree Investigated– www.bankinfosecurity.com – 8/2/10 – “The arrests of two men in Florida on multiple identity theft charges represent "just the tip of the iceberg" in payment card crimes against merchants and consumers across the U.S., according to law enforcement officials.”

July 2010

Crime Branch launches hunt for kingpin of credit card scam– www.thehindu.com – 7/31/10 – “Central Crime Branch (CCB) of the city police has launched a hunt for the kingpin of a gang whose members acquired credit/debit card details of customers of some petrol bunks in the city and used them to make fake cards.”
Data Breaches in 2010: Causes, Consequences, and How to Prepare Your Organization – www.javelinstrategy.com – 7/31/10 – “Join Javelin for a complimentary webinar presentation on data breaches in 2010, their causes and consequences, and how organizations are proactively preparing themselves in advance of a data loss event.”
Cheesecake Factory Credit Card Skimmer Pleads Guilty– legaltimes.typepad.com – 7/30/10 – “Neil MacBride, United States Attorney for the Eastern District of Virginia, and Jeffrey Irvine, special agent in charge of the United States Secret Service's Washington Field Office, have announced that Ward, 28, pleaded guilty today to conspiring to commit bank fraud for her involvement in a card-skimming scheme that targeted customers of The Cheesecake Factory in Northwest Washington.”
Small Businesses Refute Banking Industry Scare Tactics– www.nacsonline.com – 7/30/10 – “In testimony on Capitol Hill, retailers lay out how swipe fees hurt small businesses and how the banks are trying to scare Congress into inaction.”
Debit card skimming charges laid– www.cbc.ca – 7/29/10 – “A 22-year-old Ontario man has been charged in connection with debit card skimming after police arrested him in Halifax Wednesday.”
Hotel guests still most at risk for identity theft– travel.usatoday.com – 7/29/10 – “Computer hackers continue to steal hotel guests' credit-card data more than any other industry - and there's little consumers can do to protect themselves, Nicholas Percoco, an Internet expert who investigates corporate data breaches, tells Hotel Check-In.”
Visa Hopes It Can Come to Terms with the Justice Department– www.digitaltransactions.net – 7/29/10 – “Barely a week after Congress landed a hard left punch on the card networks, the U.S. Department of Justice might be about to land a right in the form of a lawsuit challenging network rules aimed at preventing merchants from surcharging for credit card payments or otherwise steering customers toward less-expensive payment forms. ”
Exclusive: Geelong ATM scam suspects revealed – www.geelongadvertiser.com.au – 7/29/10 – “Police last night released video surveillance images of the suspected card skimmers in the hope that residents and business owners could help track the pair's movements while they were in Geelong earlier this month.”
Verizon 2010 Data Breach Investigations Report– www.verizonbusiness.com – 7/29/10 – “In some ways, data breaches have a lot in common with fingerprints. Each is unique and we learn a great deal by analyzing the various patterns, lines, and contours that comprise each one.”
Police charge Toronto man in Halifax debit-card skimming operation – www.theglobeandmail.com – 7/29/10 – “Man was arrested at the Via Rail station; police say operation targeted CIBC automated banking machines”
Verizon data breach report 2010: Insider breaches on the rise– searchsecurity.techtarget.com – 7/28/10 – “Highly anticipated data released today by Verizon Business shows the number of insider breaches is rising, caused largely by malicious insiders who collude with cybercriminals, granting them access to critical systems.”
Florida Could Have Statewide Skimmer Ring – www.nacsonline.com – 7/28/10 – “Florida law enforcement personnel think the recent credit-card skimming devices found at Gainesville gasoline stations indicate a statewide group of thieves, the Gainesville Sun reports. ”
Verizon boosts Australian data-breach team– www.securecomputing.net.au – 7/28/10 – “Verizon Business has tripled the size of its Australian data-breach investigations team to handle a growing number of breaches in Asia-Pacific.”
Organised crime behind 85 per cent of all data breaches– www.securecomputing.net.au – 7/28/10 – “Organised crime accounted for 85 per cent of all data stolen in external attacks on companies, according to a report carried out by Verizon Business in conjunction with the US Secret Service.”
Fast food customers' identities stolen by worker, say police – www.king5.com – 7/28/10 – “Three people are charged in an alleged identity theft ring, skimming credit and debit card information from fast food customers at a Tukwila Wendy's restaurant.”
Edmonton bank the target of fraud– edmonton.ctv.ca – 7/28/10 – “A skimming device has been found at a TD Canada Trust branch on Whyte Avenue late Tuesday afternoon.”
Saskatoon ATM Skimming Case – www.newstalk980.com – 7/28/10 – “A 21 year old Quebec man charged in connection to a massive debit card skimming operation is pleading not guilty. Diego Aparicio-Arguedas was charged after thousands of dollars were siphoned earlier this month from hundreds of Saskatoon bank accounts.”
Verizon Data Breach Report: Some Big Surprises– www.informationweek.com – 7/28/10 – “One of the most comprehensive data breach reports available found the number of breaches to have declined significantly last year, and significant changes in how attackers are infiltrating companies.”
Ukrainian Carding King ‘Maksik’ Was Lured to Arrest– www.wired.com – 7/28/10 – “A Ukrainian carder who earned more than $11 million selling credit and debit card data stolen from top U.S. retailers was lured to a meeting in Turkey in 2007 where he was arrested by local authorities, according to a new report released Wednesday.
Senators fail to agree on privacy approach– news.cnet.com – 7/28/10 – “ After six months worth of allegations of privacy invasions involving some of the largest Internet companies, it should come as no surprise that politicians are calling for new laws. The fact that it's an election year probably made it inevitable. ”
Hacker takes swipe at Tobyhanna credit union debit cards– thetimes-tribune.com – 7/28/10 – “Nearly a dozen debit cards issued by Tobyhanna Army Federal Credit Union were tapped into by a computer a hacker who tried to make purchases in Illinois, a credit union spokeswoman said Tuesday.”
Is Your Money Safe? Banks are Biggest Cybercrime Targets– moneywatch.bnet.com – 7/28/10 – “Organized crime is making a big business out of stealing bank account and credit card records, says an authoritative study released this morning.”
Buried in Reform Law, a Ban on Debit Exclusivity– www.americanbanker.com – 7/28/10 – “A provision in the regulatory reform law that received scant attention during the protracted debate in Congress is already generating more business at some debit networks...”
Charge: Fast-food worker stole 130+ identities in id theft ring– www.seattlepi.com – 7/28/10 – “King County prosecutors have filed identity-theft charges against a fast-food worker and two alleged accomplices on allegations that she used a "skimmer" to steal credit card information.”
Fed Official Warns Card Fraud Threat Growing in U.S.– www.paymentssource.com – 7/27/10 – “The U.S. banking industry’s reliance on mag-stripe credit and debit cards threatens to turn the country into a magnet for more card-based fraud, said a payments executive with the Federal Reserve Bank of Atlanta in a blog posting last week. ”
The Dodd-Frank Interchange Haircut Could Exceed $10 Billion– digitaltransactions.net – 7/26/10 – “Visa and MasterCard debit card issuers stand to lose up to $10.7 billion in interchange income a year in a worst-case scenario under new federal interchange controls that will take effect next year, according to a Digital Transactions News analysis.”
BCLC could face huge fines for credit breach: expert– www.ctvbc.ctv.ca – 7/27/10 – “The B.C. Lottery Corporation could face hefty fines as a result of displaying credit card information during the crash of its ill-fated website, according to a credit card security expert. ”
Skimmers found at two more gas stations – www.alligator.org – 7/27/10 – “Another pair of gas stations has fallen victim to the same credit card-skimming scam that stole credit card information from customers of two Newberry Road gas stations earlier this month.”
Heartland Heads to the Finish Line– blogs.bankinfosecurity.com – 7/27/10 – “What a difference a year makes. Last summer at this time, payments processor Heartland Payment Systems was sweating under the spotlight turned on by the historic Heartland data breach -- the largest such incident ever reported. Heartland and its leaders faced glaring scrutiny from everyone in the financial services industry.”
Man granted bail in card skimming case– www.thestarphoenix.com – 7/27/10 – “A 21-year-old man from Quebec who was arrested at a Saskatoon hotel last week in connection with a debit card skimming operation was released on bail Monday.”
Semtek Announces Open Licensing of Cipher Hidden Encryption for Point of Sale Devices– www.prnewswire.com – 7/27/10 – “Semtek announced today that ViVOtech, the leading contactless and mobile payments solution provider, has become the first new licensee of Semtek's Cipher Hidden Encryption for its customer-facing point of sale devices under Semtek's new global open licensing framework.”
Visa Europe offers best practice guidelines for hotels– www.finextra.com – 7/26/10 – “Visa Europe, Europe's leading payment system, today launched the first whitepaper aimed at helping the hospitality industry safeguard customer data. ”
One Breach = $1 Million To $53 Million In Damages Per Year, Report Says – www.darkreading.com – 7/26/10 – “New Ponemon report studies real attack cases and their financial fallout; new Digital Forensics Association study tallies five-year public breach data ”
What it Takes to Fight Fraud– www.bankinfosecurity.com – 7/26/10 – “Jack McCoy is an internal fraud investigator. Currently the VP of corporate security at Discover Financial Services, McCoy previously spent 29 years as a special agent with the Federal Bureau Investigation. ”
Gainesville skimmers thought to be part of crime ring– www.gainesville.com – 7/26/10 – “Law enforcement officials say a dozen credit card skimming devices have been found in the past month at Gainesville area gas stations -- including four on Friday and one Sunday -- along with other devices found at St. Johns and Flagler county stations, in what appears to be a statewide theft ring.”
Can chip-and-pin technology address payment card fraud in the United States?– portalsandrails.frbatlanta.org/ – 7/26/10 – “Last week's blog discussed how the United States has been slow to adopt the chip-and-pin payments card technology that many other countries are already using. We suggested that the continued reliance of the United States on the magnetic-stripe standard leaves consumers here more vulnerable to fraud. ”
Citi Admits Security Flaw in iPhone App– www.thestreet.com – 7/26/10 – “Citigroup has found a security flaw in one of its key mobile banking apps designed for Apple's iPhone, but denied there's any data breach. ”
Chips haven't led to lower credit card bills: Consumer group– www.torontosun.com – 7/23/10 – “Canadians should have seen the hefty interest rate charges on their credit cards go down since chip technology has been rolled out nationwide but it hasn’t happened, says the president of the Consumers’ Association of Canada.”
NRF Calls Signing of Swipe Fee Fix Important First Step, Urges Regulators to Treat Debit Same as Checks– www.nrf.com – 7/21/10 – “The National Retail Federation welcomed today’s signing of financial reform legislation that includes landmark provisions to control the $48 billion in credit and debit card swipe fees paid by retailers and their customers each year, and urged regulators to follow Congress’ intent of achieving major reductions in the fees.”
Suspect sought in Lethbridge debit card skimming scam– www.calgaryherald.com – 7/23/10 – “Police in Lethbridge are seeking a suspect in a skimming scam that used stolen debit card data from fast-food outlets in the city.”
WPA2 Broken Again And, This Time, No Patch– storefrontbacktalk.com – 7/21/10 – “Wireless security is broken—again. And this time, it’s WPA2, the WiFi security protocol that meets PCI-DSS requirements.”
Police foil debit card swiping scheme– www.thestarphoenix.com – 7/21/10 – “People who have magnetic stripe debit cards might consider switching to chip technology after 600 of the older cards were comprised during the weekend.”
Bail denied in debit card skimming case– www.country95.fm – 7/21/10 – “Bail was denied Wednesday morning for 23-year old Abdel Madjid Benzabe-Meloua. Regional Police arrested a suspect July 9th in our city, after a tip from ATB officials. The individual had numerous "cloned" debit cards and $1,200 cash.”
President Enacts Swipe Fee Reforms – www.nacsonline.com – 7/21/10 – “With the stroke of a pen, debit card swipe fee relief became a reality today as President Obama signed into law a comprehensive financial services reform bill.”
Massachusetts Facility Reports Data Breach of 800,000 Records– www.ihealthbeat.org – 7/20/10 – “On Monday, officials at South Shore Hospital in Massachusetts announced that the personal information of about 800,000 individuals could be missing after an off-site contractor responsible for destroying the computer files did not receive all of them, the Boston Globe reports.”
Fraud/Debit Skimming Investigation– www.police.saskatoon.sk.ca – 7/20/10 – “A 21 year old Quebec man is facing charges following a debit card skimming scam which took place over the weekend in Saskatoon.”
Debit card skimmer caught in Saskatoon– video.ca.msn.com – 7/20/10 – “Saskatoon police have charged one man over a debit card skimming operation, Jennifer Quesnel reports.”
Police say skimming very serious problem– www.azcentral.com – 7/20/10 – “Scottsdale police want to warn people of the increasing skimming problem in the valley. They recently found two skimmer devices on two bank machines on the same day last week.”
Man charged in debit-card scam after hotel staff find $100,000 in cash– www.vancouversun.com – 7/20/10 – “A 21-year-old Quebec man has been charged in connection with a debit-card skimming scam that netted nearly $100,000 in cash.”
US risks becoming a global centre for card fraud warns senior Fed staffer– www.finextra.com – 7/20/10 – “A senior official at the US Federal Reserve has expressed alarm that the country is being left isolated by its reliance on mag-stripe cards while the rest of the world moves to more secure EMV-based Chip and PIN payment technology. ”
Semtek Announces PCI DSS De-scoping of Major National Retailers– www.semtek.com – 7/20/10 – “Semtek announced today that two of its national retail clients have successfully received new Reports of Compliance (ROC) from their PCI Qualified Security Assessors that have resulted in major de-scoping of their retail systems environments from PCI DSS auditing requirements.”
Soccer balls and payment cards: A push for global standards– portalsandrails.frbatlanta.org – 7/19/10 – “I am generally not a soccer fan but over the past few weeks I found myself curiously engaged in that nationalistic spectacle called the World Cup.”
Police finds skimmers on Scottsdale, Ariz. bank ATMs– www.securityinfowatch.com – 7/19/10 – “Police are warning ATM customers about two ATM skimmers found at Scottsdale bank locations this past week.”
Governor Brewer calls for increased effort to combat a rise in credit card skimmers– www.abc15.com/– 7/19/10 – “Governor Jan Brewer is taking new measures to combat a rise in the number of credit card "skimmers" found around the Valley.”
Card skimmer found at Woodstock bank ATM – www.country1073.ca – 7/19/10 – “Woodstock police are investigating after an observant citizen called them Sunday afternoon to report they had discovered a debit card skimming device attached to an A-T-M at the Toronto Dominion Bank branch located at 539 Dundas Street.”
Public warn of gas station card ‘skimmers’– www.aurorasentinel.com – 7/15/10 – “Police are warning area gas stations to be on the lookout for “skimming devices” that can steal sensitive information from credit cards at area gas pumps.”
Senators reintroduce identity theft measure– www.nextgov.com – 7/14/10 – “A measure reintroduced in the Senate on Wednesday would trump state regulations that seek to protect consumers from identity theft by establishing a national law that requires public and private institutions to safeguard sensitive data and to notify people whose personal information might have been compromised.”
Fraud Could Come from North after Canada Phases in EMV Cards– www.americanbanker.com – 7/14/10 – “The first deadlines for Canadian banks and merchants to shift to the EMV Integrated Circuit Card Specifications will hit in October, and security experts are warning that U.S. payments ...”
Pay-At-The-Pump Skimming on the Rise– www.bankinfosecurity.com – 7/12/10 – “At a Shell station in Alachua, FL, last week, a service technician found a skimming device on a pay-at-the-pump terminal when he opened the machine for a routine maintenance check.”
Can Canadian Example Chip Away at EMV Resistance in U.S.?– www.americanbanker.com – 7/9/10 – “In their wallets, millions of U.S. consumers carry payment cards with chips that can support a highly regarded security format used in much of the industrialized world”
Aurora gas stations targeted in credit card theft scheme– www.kdvr.com – 7/16/10 – “Aurora Police have issued a crime alert to gas stations throughout the city, warning them about the discovery of a credit card skimming device found inside a gas pump earlier this month.”
Debit Card Skimming Scam :: Gang Bust by FIA Lahore with ABL FRMU Collaboration– news.fmota.com – 7/16/10 – “The main culprits in this scam are Muhammad Asif bearing CNIC Number 35201-3814830-3, Ashfaq Arif bearing CNIC 35202-4532072-5 and Javed Iqbal.”
Senate Sends Swipe Fee Reform to President Obama – www.nacsonline.com – 7/16/10 – “The Senate cast the final vote yesterday on the financial services reform bill, sending debit card swipe fee reform to President Obama for his signature.”
MasterCard: Most banks agree to breach settlement– www.businessweek.com – 7/15/10 – “MasterCard Inc. said Thursday nearly all of the banks with claims related to a 2008 data security breach have agreed to accept a settlement.”
Alert: ATM Skimmers Found in Scottsdale– www.myfoxphoenix.com – 7/15/10 – “Scottsdale Police are warning ATM and bank card users about skimmers that have been found on two ATM machines near Scottsdale and Shea -- and there could be more.”
Public warn of gas station card ‘skimmers’– www.aurorasentinel.com – 7/15/10 – “Police are warning area gas stations to be on the lookout for “skimming devices” that can steal sensitive information from credit cards at area gas pumps.”
PD Finds Skimmers On Scottsdale Bank ATMs– www.kpho.com – 7/15/10 – “Police are warning ATM customers about two ATM skimmers found at Scottsdale bank locations this past week.”
Visa moves to reduce payment card data in retail systems– www.computerworld.com – 7/15/10 – “A new payment card security initiative launched by Visa Inc. Wednesday could eliminate the need for retailers and other organizations to store full, 16-digit credit and debit card numbers on their systems.”
Zeus takes aim at credit authentication services– ww.securecomputing.net.au – 7/15/10 – “The infamous Zeus malware botnet has begun harvesting user bank data by posing as a credit card verification scheme.”
Visa To Acquirers: Stop Forcing PAN Retention– www.storefrontbacktalk.com – 7/14/10 – “Visa on Wednesday (July 14) sent a direct message to acquiring banks: Stop making retailers retain credit card information unless you want to stop servicing Visa.”
Not PCI Compliant? No Problem– www.practicalecommerce.com – 7/14/10 – “By Practical eCommerce's count, there are nearly 600 English-language shopping carts. These include hosted carts, licensed software carts and open-source carts.”
Visa Best Practices for Primary Account Number Storage and Truncation – www.visa.com – 7/14/10 – “Due to misinterpretation of Visa dispute processing rules, some acquirers require their merchants to unnecessarily store full Primary Account Numbers (PANs) for exception processing to resolve disputes.”
Visa Best Practice: Tozenization – www.visa.com – 7/14/10 – “As part of these best practices, Visa recommended that entities use tokens (such as a transaction ID or a surrogate value) to replace the Primary Account Number (PAN) for use in payment-related and ancillary business functions.”
Bank, Customer Headed to Trial– www.bankinfosecurity.com – 7/13/10 – “In a move pushing the Experi-Metal vs. Comerica Bank case closer to a courtroom showdown over "reasonable security," a district court judge has denied Comerica's motion for summary judgment.”
Debit card skimming 'epidemic': police– www.cbc.ca – 7/13/10 – “Criminals across the country are stealing debit card terminals, installing equipment to record card information and PIN codes, then replacing them and using the skimmed data to clean out bank accounts, according to police.”
Enough With The PCI Finger Pointing Already– storefrontbacktalk.com/ – 7/12/10 – “When it comes to PCI compliance, I am sick and tired of everyone pointing fingers at someone else. Nobody wants to be in the line of fire when (not “if”) a breach happens.”
TJX Settles Another Data Breach Lawsuit And Puts Itself In Charge Of The Oversight – storefrontbacktalk.com – 7/11/10 – “You have to wonder who is left among the U.S. entities that have not sued—and then settled with—TJX for its infamous data breach of more than 100 million card numbers. The latest to come up to the till: The Louisiana Municipal Police Employees’ Retirement System.”
Pay-At-The-Pump Skimming on the Rise– www.bankinfosecurity.com – 7/12/10 – “At a Shell station in Alachua, FL, last week, a service technician found a skimming device on a pay-at-the-pump terminal when he opened the machine for a routine maintenance check.”
Man Charged in Debit Card Skimming Operation– cjocfm.com – 7/12/10 – “Lethbridge Regional Police have arrested a man and charged him with several offences relating to a debit card skimming operation.”
Trustwave Chairman, CEO, and President Robert McCullen shares lessons learned – issuu.com – 7/10/10 – “Trustwave Chairman, CEO, and President Robert McCullen shares lessons learned from the company's breach investigations for clients.”
When SC Magazine and the security industry met with the PCI Security Standards Council's European director– www.scmagazineuk.com – 7/9/10 – “I have been intrigued by the way that the Payment Card Industry Data Security Standard (PCI DSS) is enforced for some time now. After all, it is not controlled by a government-appointed regulator, its enforcement level seems to be minimal, and quite frankly I have often perceived it to be an ‘opt-in' benchmark.”
Two more credit card skimmers found at gas pumps near I-75 - Gainesville Sun– www.gainesville.com – 7/9/10 – “Law enforcement officers from various agencies continued on Friday to check the pumps of gas stations along Interstate 75 through Alachua County for devices that could get the credit card information of customers.”
PCI Security Standards Council Expands Global Reach with Appointment of European Director - www.scottrade.com - 7/08/2010 - Today, the PCI Security Standards Council (PCI SSC), a global, open industry standards body providing management of the Payment Card Industry Data Security Standard (PCI DSS), PIN Transaction Security (PTS) requirements and the Payment Application Data Security Standard (PA-DSS), announced the appointment of Jeremy King as European Director for the PCI SSC.”
Canada's newly introduced data breach is a start, but it lacks teeth– www.scmagazineus.com – 7/8/10 – “The Parliament of Canada recently introduced Bill C29, also known as an act that amends the Personal Information Protection and Electronic Documents Act (PIPEDA).”
More credit card skimming devices found in gas pumps – www.gainesville.com – 7/8/10 – “Two days after a worker discovered an illegal credit card skimming device inside a gas pump at a station near the interchange of Interstate 75 and Newberry Road, more such devices have been discovered at a nearby gas station, the Alachua County Sheriff’s Office said Thursday.”
Card Fraud Soars, But Not Fraud Rate. Thanks To Visa– storefrontbacktalk.com – 7/8/10 – “Here’s an interesting stat: As payment card fraud continues to soar each year, the actual rate of fraud—in an X cents per $100 perspective—has remained impressively the same, according to new figures released by The Nilson Report this week.”
The Changing Nature of US Card Payment Fraud: Industry and Public Policy Options – www.kansascityfed.org – 7/7/10 – “The rapid transition to card payments has sparked a search for effective countermeasures to those who exploit card payment security vulnerabilities to commit payment fraud. A review of these vulnerabilities finds that they are tied together by an information-intensive payment approval system.”
Apple iTunes Fraud Is Firm's Latest Hurdle – www.smartmoney.com – 7/7/10 – “Apple is facing another public relations challenge after an app developer breached hundreds of its iTunes user accounts, triggering customer complaints about fraudulent activity, according to The Wall Street Journal. ”
Card breach linked to national company– www.wlfi.com – 7/2/10 – “A local security breach with credit and debit cards has been linked to a national company.”
Hidden credit card skimmer found in local gas pump – www.gainesville.com – 7/1/10 – “An alert technician found a device on a gas pump apparently designed to capture credit card information this week. The device, known as a credit card skimmer, was seized by the Alachua County Sheriff's Office.”
Investor, TJX settle suit over data theft– www.boston.com/ – 7/7/10 – “TJX Cos., which owns the T.J. Maxx and Marshalls discount retail chains, has settled an investor lawsuit related to the theft of millions of its customers’ credit card numbers.”
Card skimmed in City, transaction made in Karachi– www.deccanherald.com – 7/6/10 – “In a shocking incident, a woman’s debit card was allegedly skimmed at a coffee shop on Lavelle Road and two transactions worth about Rs 19,000 were carried out at Karachi, Pakistan.”
UH Database Security Breach Puts Thousands At Risk– www.kitv.com – 7/6/10 – “A security breach at the University of Hawaii-Manoa could affect 53,000 people.”
New twist in ATM skimmer scams can empty your account– www.usatoday.com – 7/6/10 – “Thieves are using high-tech skimmers to steal account information at automatic teller machines — and victims don't know they have a problem until they see their statements.”
Credit Card Hackers Visit Hotels All Too Often– www.nytimes.com – 7/5/10 – “HERE’S something that the struggling hotel sector prefers not to spotlight: it is a favorite target of hackers.”
Card breach linked to national company– www.wlfi.com – 7/2/10 – “A local security breach with credit and debit cards has been linked to a national company. Lafayette Police detective B.T. Brown said the security issue affected the Camilles Sidewalk Cafe restaurants in the area.”
New Twist In ATM Skimmer Scams Can Empty Out Your Bank Account– www.wusa9.com – 7/2/10 – “It is happening in the DC area. Bank statements showing money missing from checking accounts or charges consumers never made. The culprit? Thieves using high-tech new ATM skimmers to steal account information.”
Risky Software Still in Place as a Visa Deadline Passes – www.digitaltransactions.net – 7/2/10 – “Although many U.S. merchants and processors have met Visa Inc.’s July 1 deadline for replacing unapproved point-of-sale software applications with ones that meet requirements of the Payment Application data-security standard, or PA-DSS, many non-compliant card-processing applications remain in the marketplace, Visa says.”
Card skimmer found at Dumbarton bank – www.lennoxherald.co.uk – 7/1/10 – “HUNDREDS of bank customers are at risk from fraud after a card “skimmer” was found attached to a cash machine.”
Visa Revokes PCI Approval From Ingenico PIN Pads Following Breach– www.storefrontbacktalk.com – 7/1/10 – “In a move that seems to reflect a very different PCI approach coming from Visa, the world’s largest card brand has ripped the PCI approval from two Ingenico PIN entry devices (PEDs) after a data breach."

June 2010

Visa to Aid Merchants That Miss Security Deadlines– www.americanbanker.com – 6/30/10 – “Visa Inc. said it is planning to help merchants that fail to meet two July 1 payment security deadlines.”
FTC says scammers stole millions, using virtual companies– www.computerworld.com – 6/27/10 – “The U.S. Federal Trade Commission has disrupted a long-running online scam that allowed offshore fraudsters to steal millions of dollars from U.S. consumers -- often by taking just pennies at a time.”
Tokenization vs encryption: RSA touts tokens to reduce PCI DSS pain– searchsecurity.techtarget.com – 6/23/10 – “Payment industry executives and security experts are currently debating over the right way to preserve and protect credit card data. Merchants can choose between a variety of formats, from format preserving encryption, which replaces the 16-digit credit card number with an encryption algorithm to card-based tokens, which substitute a random token with the hope that it could reduce the scope of a PCI DSS assessment. Robert Griffin, technical director at RSA, the security division of EMC Corp., has been the lead architect in a number of encryption and tokenization projects.”
Police Warn Of Okla. Skimming Scam– www.koco.com – 6/30/10 – “Police said they're uncovering an underground network of people who look to buy and sell consumer credit and debit card numbers, including victims in the Oklahoma City area.”
Blue Cross Blue Shield security breach – www.accessnorthga.com – 6/30/10 – “Georgia's largest health insurance company is warning that 70,000 Georgians may have had their medical information, their credit card and social security information wrongly accessed.”
Destination Hotels card-processing system hacked– www.computerworld.com – 6/29/10 – “Hackers have broken into the payment processing system of Destination Hotels & Resorts, a high-end chain best known for its resort hotels in destinations such as Vail, Colorado; Lake Tahoe, California; and Maui, Hawaii.”
Skimming suspect faces additional charges– www.shreveporttimes.com – 6/29/10 – “A man arrested this month for stealing people’s credit card information with a skimming device while working at a local fast food restaurant faces more charges.”
Security glitch exposes WellPoint data again– www.google.com – 6/29/10 – “WellPoint Inc. has notified 470,000 individual insurance customers that medical records, credit card numbers and other sensitive information may have been exposed in the latest security breach of the health insurer's records.”
39 Breaches in 1st Half of 2010– www.bankinfosecurity.com – 6/28/10 – “Already in the first six months of 2010, financial institutions have been involved with more than half the total data breaches they suffered in 2009 - and experts don't see the pace decreasing.”
Kiwi cops tops for netting skimmers – www.stuff.co.nz – 6/27/10 – “POLICE have scooped a major international crime-fighting award for stopping credit card skimmers.”
TNS Helps Industry Strengthen Payment Transaction Security– www.pymnts.com – 6/28/10 – “Transaction Network Services is playing an increasing role in helping acquirers and merchants protect sensitive cardholder information as payment transaction security continues to be a major issue for everyone involved in the industry.”
Task Force: Valet Busted in Credit Card Skimming Scam – www.nbclosangeles.com – 6/28/10 – “Southern California has long been ground zero for credit card skimmers and identity theft hackers. Thousands of times a day in Southern California, trusting drivers hand their cars over to valets.”
U.K. Gang Caught for Chip-and-Pin Scheme – www.nacsonline.com – 6/28/10 – “A group of U.K. thieves has been caught after siphoning off £725,000 from gasoline customers’ credit and debit cards in a chip-and-pin scam, the BBC reports.”
FTC Says Scammers Stole Millions, Using Virtual Companies– www.pcworld.com – 6/27/10 – “The U.S. Federal Trade Commission has disrupted a long-running online scam that allowed offshore fraudsters to steal millions of dollars from U.S. consumers -- often by taking just pennies at a time.”
RCMP bust another credit card skimmer scam– www.richmond-news.com – 6/25/10 – “Another credit card skimming scam has been shut down. Richmond RCMP have arrested a 24-year-old male whom they say had been illegally stealing credit card information at a local restaurant.”
Big Breach at Anthem Blue Cross– www.healthdatamanagement.com – 6/25/10 – “Anthem Blue Cross, the trade name for Blue Cross of California, is notifying about 230,000 members and applicants for insurance that a Web site used to apply for individual health insurance policies was breached.”
Outsourced payment card services to take off by 2015– www.zdnetasia.com – 6/24/10 – “Retailers are buckling under the strain of having to store, manage and locate key customer account information as well as remain compliant with industry standards. In order to manage their credit card data security, a new RSA study suggests that companies look at secure payment services such as data encryption and tokenization.”
Destination Hotels & Resorts Reacts Swiftly to Credit Card Interception– www.prnewswire.com – 6/24/10 – “Destination Hotels & Resorts reported today that it has responded quickly to being victimized by a credit card fraud scheme, and guests at 21 of its hotels in the United States may have been victims as well. Destination said it uncovered a malicious software program inserted into its credit card processing system from a remote source.”
OU Reports Virus, Security Breach– www.koco.com – 6/24/10 – “The University of Oklahoma is warning students about a security breach that may put their personal information at risk. The university said its Information Technology department noticed unusual Internet activity on a laptop computer associated with its network.”
TNS White Paper: Card Data Security in an IP World– www.paymentsnews.com – 6/24/10 – “While a shift to IP based payment systems (from legacy systems) offers many advantages to businesses, it also presents a much more advantageous environment for cybercriminals to operate as the protocols are easily understood; they can easily remain anonymous on public IP networks, and maintain hundreds or thousands of simultaneous connections for malicious purposes such as Denial of Service, which can make payment networks unavailable for processing transactions.”
700-Plus Credit Cards Stolen from Hotel– abcnews.go.com – 6/24/10 – “Computer hackers targeting travelers at luxury hotels across the country made off with hundreds of thousands of dollars during the past three months by breaking into the computer system of a national hotel chain and stealing the guests' credit card information, Texas police officials told ABC News today”
Dozens of Driskill guests' credit card numbers swiped– www.statesman.com – 6/24/10 – “The credit card numbers of dozens of recent guests at the downtown Driskill Hotel were stolen after thieves hacked into the accounting network for the hotel's management company, officials said.”
Thinking About Security ROI From The Thief’s Perspective – storefrontbacktalk.com – 6/24/10 – “Retail IT execs have always been very good at making risk-based security budget decisions. They know how to calculate the probability of a certain attack method being used against them, its chances for success and the likely cost to the chain if it succeeds.”
Will Senate Bill Force The U.S. To Go Chip-And-PIN?– www. – 6/24/10 – “With Wal-Mart’s recent push for Chip-and-PIN in the U.S., the debate has been what could possibly push the banks into supporting such a costly move. One financial blog is making a compelling argument that the U.S. Senate may be about to jump into the U.S. EMV case.”
Dave & Buster’s Gets 20 Years In Gonzales Settlement– storefrontbacktalk.com – 6/24/10 – “Dave & Buster’s will spend the next 20 years under the watchful eye of the FTC, according to a consent agreement finalized this month.”
Chip-And-PIN Breach: Bluetooth, Burned Hole In Back Of Card Reader – storefrontbacktalk.com – 6/24/10 – “For those who are arguing that Chip-and-PIN represents the gold standard in card security, there was a cold splash of reality this week. Four fraudsters from London were sentenced to jail for their parts in a nine-month string of thefts that netted almost $1.1 million by tampering with Chip-and-PIN card readers at gas stations.”
Will the Durbin Amendment lead to Chip + PIN in the US?– www.smartcardalliance.org – 6/23/10 – “Amidst all the hype, politics and lobbying in the Durbin Amendment interchange fees debate, is a little-noticed component that could have a big impact on the state of payment technology in the US.”
Bank of New Zealand patents new anti-fraud card system – www.monstersandcritics.com – 6/23/10 – “The Bank of New Zealand (BNZ) said Wednesday that it had acquired worldwide patents for technology that stops criminals from skimming debit and credit card at automatic teller machines (ATMs).”
Spaniard Victim of Card Scam– www.thebalitimes.com – 6/23/10 – “A Spanish man has complained to Kuta Police that his credit card was skimmed and used for unauthorised purchases while he was staying in Bali in April.”
New PCI DSS Guide for Merchants– blog.elementps.com – 6/23/10 – “We just published a new PCI compliance resource guide for merchants. The guide is intended to provide simple and quick information security steps for small to mid-size merchants that accept credit and/or debit cards as a form of payment.”
Chip-and-PIN fraud gang jailed– www.zdnet.co.uk – 6/22/10 – “A gang of four Londoners have been jailed for a Chip-and-PIN fraud operation which netted £725,000. The BBC reported on Monday that Theogenes De Montford, the ring-leader, was given four and a half years, while Rajakumar Thevathasan, Rashid Hassan, and Usman Mahmood each received three and a half year jail sentences at Southwark Crown Court.”
Payment card industry compliance deadlines to hit UK business– www.computing.co.uk – 6/18/10 – “Payment Card Industry (PCI) compliance deadlines due at the beginning of July could mean a rise in credit card processing costs for small firms who don't comply.”
Internet Fraud Alert Program Launched – www.informationweek.com – 6/18/10 – “Internet Fraud Alert, a new program aimed at sharing information about stolen account credentials and mitigating the potential losses associated with online fraud, launched Thursday.”
Security budgets stable or increasing at financial firms– www.securecomputing.net.au – 6/21/10 – “Despite the global financial crisis, information security budgets at financial institutions generally are staying stable, many even have increased, according to a study conducted by accounting and consulting firm Deloitte.”
ATM Skimming: How Effective is Jitter?– www.bankinfosecurity.com – 6/21/10 – “ATM skimming -- it is the fastest-growing electronic-fraud risk, according to the U.S. Secret Service, accounting for more than $1 billion in annual losses. And some industry experts estimate skimming-related losses to be as much as three times higher.”
Man jailed over chip and pin fraud– www.google.com – 6/21/10 – “One of the UK's most prolific chip and pin fraudsters, from west London, has been jailed for four-and-a-half years.”
Assessor Validates VeriFone’s VeriShield Protect End-to-End Encryption Solution– pymnts.com – 6/21/10 – “VeriFone Systems, Inc. (NYSE: PAY), and Coalfire Systems, Inc., today announced that an independent assessment by Coalfire has determined that VeriFone’s VeriShield Protect end-to-end encryption solution meets all Visa Data Field Encryption guidelines as well as other industry standards.”
Secret Service: ATM Card Skimming Five Times Higher This Year– activerain.com – 6/20/10 – “ATM skimming is approaching a billion-dollar issue. ATM skimming is happening coast to coast and there seems to be no end in sight.”
FBI investigates credit card scam– www.daily-times.com – 6/18/10 – “A Durango restaurant unknowingly served up some very expensive ribs two months ago. More than 270 credit card accounts were used in purchases across the country after the computer systems at two Serious Texas Bar-B-Q restaurants in Durango were breached between February and April, FBI Special Agent Darrin Jones said.”
Police bust massive global credit card fraud ring– www.securecomputing.net.au – 6/17/10 – “Police in 12 countries have arrested 178 individuals linked to an international credit card fraud ring.”
MasterCard Experimenting With Card That Displays One-Time Password– www. – 6/17/10 – “In a MasterCard experiment announced this month with a bank in Turkey, the payment powerhouse has radically revamped what a credit or debit card should look—and act—like.”
Area Banks' Security Challenge– www.countytimes.com – 6/17/10 – “Identity theft has topped the Federal Trade Commission’s list of consumer complaints for the past eight years, and almost 10 million Americans were victims last year alone—up 22 percent over the previous year, according to Profit Protection, a nationwide company that helps the banking industry keep abreast of the ever-changing challenges posed by Internet hackers and personal data thieves.”
Visa To Franchisors: “We’re Here To Talk, Not To Listen”– storefrontbacktalk.com – 6/17/10 – “When it comes to PCI compliance for franchisors, Visa is completely out of touch with reality. Well, perhaps not completely out of touch with reality. But based on a 9-hour Visa Franchisor Payment Systems Security Symposium on Wednesday (June 16), the brand is pretty darn close.”
Internet sleuths get new way to report stolen data– www.google.com – 6/17/10 – “A new program being spearheaded by Microsoft Corp. is designed to provide a trusted way for researchers to report stolen credit card numbers and other data they've found in the dark corners of the Internet.”
PCI Compliance - Are UK Businesses Ready?– www.freshbusinessthinking.com – 6/17/10 – “The Payment Card Industry Data Security Standard (PCI DSS) will apply to organisations in the UK from September 30th 2010.”
Global fraud tool on the horizon – www.greensheet.com – 6/16/10 – “The international fraud fight may have an interesting new aspect. A global firm called ValidSoft is preparing to implement a program designed to authenticate payment card purchases by measuring proximity between a card transaction and the cardholder's cell phone.”
Security breach pushes First Victoria to block signature-based transactions on debit cards– www.victoriaadvocate.com – 6/16/10 – “First Victoria bank placed blocks on its MasterCard debit cards after a small amount of card numbers was compromised by a third-party source. The bank suspects the issue has to do with a merchant somewhere in the southwestern United States, said Don Sparks, senior vice president and bank services manager for First Victoria.”
Fraud And Overdraft Regs Threaten Debit Card Profitability– www.digitaltransactions.net – 6/16/10 – “Debit cards are more popular than ever, but issuers see threats to the bottom line from rising fraud and more regulation. Loss rates rose 43% on signature debit cards and 24% for PIN-debit cards in 2009, according to the Pulse EFT network’s fifth-annual survey of the debit market.”
Toxic Waste: Old PIN Pads Never Die, But They Really Should– storefrontbacktalk.com – 6/16/10 – “Do you accept PIN-based debit cards at your stores? Have you been accepting these PIN transactions for more than, say, six years? Lastly, are you aware that the first Visa-mandated sunset date for your old PIN Entry Devices (PEDs) is July 1, 2010?”
A Look at the Cost of Payments Acceptance by UK Merchants– www.paymentsnews.com – 6/15/10 – “Earlier today, the British Retail Consortium published its Cost of Payment Collection Survey 2009. The survey, based on data covering 53% of total UK retail sales, found that debit cards are the most used form of payment representing 44% of UK retail sales.”
Online fraud costs UK businesses £400k each, says report– www.computerweekly.com – 6/15/10 – “Online fraud cost UK businesses an average of £400,000 last year, a report reveals. The 2010 edition of the UK Online Fraud Report, commissioned by CyberSource, shows that merchants expect to lose 1.8% of online revenues to payment fraud, but 48% expect to lose less than 1%.”
Consumers Trust Retailers' Security The Least – www.darkreading.com – 6/15/10 – “Consumers in the U.S. trust retailers, government, and banks less than consumers in other countries, a new survey conducted by IBM Guardium found. And, overall, retailers are the least trusted entity in the world, while government is the most.”
Australia: card fraud to fall due to microchip technology– www.istockanalyst.com – 6/15/10 – “The latest figures from the Australian Payment Clearing Association, the payments industry regulator, reveal that the cost of payment fraud rose by 13% in 2009 to 9.4 cents per A$1,000 transacted. With the increasing implementation of microchip card technology in the country, Datamonitor expects the value of payment fraud to fall in 2010.”
Quebec man jailed for card skimming – timestranscript.canadaeast.com – 6/11/10 – “A Laval man was sentenced to six months in jail yesterday for his role in a criminal bank card skimming operation in New Brunswick.”
10 of the Top Data Breaches of the Decade– abcnews.go.com – 6/14/10 – “The Internet cried foul last week when news broke that an AT&T security breach exposed the e-mail addresses of at least 100,000 owners of Apple's iPad 3G.”
South Africa: Beware ATM Fraud, Banks Warn Clients– allafrica.com – 6/14/10 – “THE big four banks were on high alert for international ATM fraud syndicates planning to cash in on unsuspecting local customers and visitors during the World Cup.”
Simplify PCI Compliance for Data Security – www.businessweek.com – 6/11/10 – “If your business accepts credit or debit payments, it’s likely that you’re required to comply with the Payment Card Industry Data Security Standard.”
At least 40 Dixie Cafe customers impacted by hackers– www.todaysthv.com – 6/11/10 – “Hackers strike a popular Arkansas restaurant, with dozens of diners affected.Executives with the Dixie Cafe say they just discovered the breach this week, hitting two locations in Little Rock and Hot Springs.”
Cloud Computing: Would PCI Compliance Help or Hurt Security?– www.cio.com – 6/10/10 – “These days it's not that great a compliment to say something's as safe as banks, let alone credit cards or those swipe-card readers at the convenience store.”
At least 40 Dixie Cafe customers impacted by hackers– www.todaysthv.com – 6/10/10 – “Executives with the Dixie Cafe say they just discovered the breach this week, hitting two locations in Little Rock and Hot Springs. The company is working with local and federal authorities to get to the bottom of all this.”
Forgotten Apps Pose PCI Danger, Visa List Shows– www.storefrontbacktalk.com – 6/10/10 – “Tucked away in forgotten corners of your network sits a wide range of old, forlorn applications. Beyond collecting electronic cobwebs, these apps potentially pose one of the most serious threats to your data security.”
Why Open Source Drives PCI Nuts– www.storefrontbacktalk.com – 6/10/10 – “The big advantage to open-source software is that anyone can change it. And the big disadvantage to open source? Anyone can change it.”
Debit card "phishing" scam reported in Chippewa Falls– www.wqow.com – 6/9/10 – “On 06/09/10, several Chippewa Falls area residents reported to local law enforcement and various financial institutions that they had received automated calls on their land line and cell phones alerting them to the fact that their VISA debit card accounts had been de-activated due to a security breach.”
Debit card fraud operation in city – www.parisstaronline.com – 6/9/10 – “City police are investigating a debit-card fraud operation that operated over a three-month period, with a local restaurant suspected at the centre of things.”
ATM Skimmer Striking Washtenaw Co. – www.clickondetroit.com – 6/9/10 – “Washtenaw County authorities are asking the public to be on the lookout for a man who is accused of trying to steal ATM card numbers.”
Small U.S. banks protest debit fee restrictions– www.reuters.com – 6/9/10 – “U.S. community banks said a proposal to require big banks to reduce fees they charge merchants would in fact force smaller lenders to boost the fees they charge consumers.”
Police: Bulgarian linked to ‘skim’ had 46 $20 bills– chronicle.northcoastnow.com – 6/9/10 – “A Bulgarian national suspected of attaching a card-reading device to a North Ridgeville ATM last month had $920 in $20 bills concealed in a pair of gloves that police found during a search of his car, according to an unsealed search warrant.”
$217,000 'Skimmed' From ATMs – online.wsj.com – 6/9/10 – “"Cloned" debit cards have been used to steal more than $200,000 from Long Island banks between April and the end of May, police said.”
Elavon Selects Semtek, Voltage Security for End-to-End Data Protection– www.paymentsnews.com – 6/8/10 – “Elavon has announced that Semtek and Voltage Security have been selected to include end-to-end encryption capabilities in its acquiring and gateway solutions.”
How to Raise Risk Awareness– www.bankinfosecurity.com – 6/8/10 – “Ana Foster is the Risk Manager and Compliance Officer at Cambridge Trust Company in Massachusetts, and increasingly she sees risk awareness as a significant part of her job.”
Semtek and Elavon Enter Into Global Security Services Agreement– www.prnewswire.com – 6/8/10 – “Semtek Innovative Solutions Corporation announced today it has entered into a multi-year, global agreement with Elavon, a wholly owned subsidiary of U.S. Bancorp (NYSE: USB) and a leading global payments provider, to provide the merchant processor with end-to-end security services and infrastructure for the Elavon merchant portfolio. ”
Payment fraud costing more– www.bankingday.com – 6/8/10 – “The cost of payment fraud increased 13 per cent last year, rising from 8.27 cents per $1000 transacted in the year to December 2008 to 9.38 cents in 2009.”
Eftpos card-skimming occurring in NSW – news.theage.com.au – 6/8/10 – “Fraud squad detectives are urging people to use Eftpos machines with caution after fresh reports of card skimming on the NSW north coast.”
Card Fraudsters Suspend High-Tech Breaches for More Old-School Methods– www.cuinsight.com – 6/8/10 – “One of the attractive benefits of skimming for fraudsters is not only the millions of dollars that they can get away with, but that the process is cheap maintains Karen Postma, TMG (The Members Group), in her latest fraud white paper, "A Throw Back Threat."”
FTC Approves Final Settlement With Restaurant Chain– www.collectionscreditrisk.com – 6/8/10 – “The Federal Trade Commission approved a final settlement order with Dave & Buster's Holdings Inc., an entertainment and restaurant chain.”
Don't keep quiet after a data security breach– searchsecurity.techtarget.com – 6/7/10 – “Cybercriminals have upped the ante against organizations by relentlessly targeting them in more ruthless ways. The amount of data corporations are losing is increasing.”
Card-skimmer raid on Salisbury Commonwealth Bank ATM– www.adelaidenow.com.au – 6/7/10 – “Both devices were attached to stand-alone Commonwealth Bank ATM machines - the first last Tuesday at Northpark Shopping Centre, Prospect, and the second yesterday at Parabanks Shopping Centre in Salisbury.”
2010 Data Breach Timeline– www.bankinfosecurity.com – 6/7/10 – “The following is a list of data breaches that have affected U.S. financial institutions in 2010. The information was compiled from the 2010 Data Breach Report by the Identity Theft Resource Center (ITRC), based in San Diego, CA.”
Complying With Visa’s July 1 PA-DSS Mandate– www. storefrontbacktalk.com – 6/1/10 – “In the same way you wouldn’t buy your gold Rolex from a street vendor, you shouldn’t buy a software payment application that is not on the PCI Council’s list of PA-DSS validated applications.”
More ATMs sealed off in town– www. – 6/7/10 – “Cash machines in a north-east town have been cordoned off for the second time in a week amid fears that fraudsters have targeted them.”
Card-skimmer raid on Salisbury Commonwealth Bank ATM– www.adelaidenow.com.au – 6/7/10 – “The second atm skimming device dicovered in less than a week may be the work of the same offenders, police say.”
Card warning over thid ATM skimmer fears– news.stv.tv – 6/6/10 – “Police fear a third card-skimming device - used to steal bank card details - may have been attached to a cash machine in Stonehaven.”
Bulgarian suspected of installing ATM ’skimmer’– chronicle.northcoastnow.com – 6/5/10 – “A sharp-eyed Charter One Bank employee discovered a card-reading device attached to an ATM outside the bank’s North Ridgeville branch last Sunday.”
Study Quantifies the Heavy Damage of Card Data Breaches– www.digitaltransactions.ne – 6/4/10 – “Everyone knows data breaches are expensive and affect a lot of people, but just how much is startling.”
Debit card skimming in Brantford – www.easy101.com – 6/4/10 – “Over the past 5 days, Brantford police have heard from 10 local citizens concerning debit card fraud after they noticed irregularities in their bank accounts.”
Disney Clerk Accused Of Credit Card Skimming– www.wesh.com – 6/3/10 – “Authorities said a Walt Disney World employee used skimming devices at several of the resort’s hotels to steal credit card information from guests.”
Restaurant patrons find credit card info stolen– www.wthr.com – 6/3/10 – “At least one bank is cautioning debit and credit card users to beware of fraudulent charges to their accounts. This, as dozens of customers of a local restaurant discover their numbers have been stolen.”
First Data Looks at Fraud Trends: "Fraud as a Service"– www.paymentsnews.com – 6/3/10 – “A new white paper titled "Fraud Trends in 2010: Top Threats From a Growing Underground Economy" by Rick Van Luvender Director, First Data InfoSec Incident Response Center, First Data Corp. is now available.”
Local restaurant targeted by online hackers– www.fox59.com – 6/2/10 – “A local restaurant reports a security breach affecting its customers. Hackers tapped into the credit card machines at Marco's, stealing credit and debit card numbers from several customers, wiping out their bank accounts.”
Bossier City man charged with credit card "skimming"– www.shreveporttimes.com – 6/2/10 – “A Bossier City man faces theft charges after allegedly using a skimming device to steal people’s credit card information.”
FS-ISAC Releases Cyber Attack against Payment Processes (CAPP) Results– www.paymentsnews.com – 6/2/10 – “The Financial Services Information Sharing and Analysis Center (FS-ISAC) has released the Executive Summary of the results of a three-day nationwide cyber attack simulation exercise conducted in February.”
Police seek suspect in credit card fraud case– www.pnj.com – 6/2/10 – “Police are looking for a Pensacola man wanted in connection with the theft and use of customer credit and debit card numbers from a local business.”
FS-ISAC 2010 Cyber Attack against Payment Processes (CAPP) Exercise Executive Summary– www.fsisac.com – 6/1/10 – “As part of its mission to share information regarding cyber threats and help respond to attacks against the financial services sector, the Financial Services Information Sharing and Analysis Center (FS-ISAC) organized and held the Cyber Attack against Payment Processes (CAPP) Exercise on February 9 - 11, 2010.”
Payment processing trends: What every operator should know– www.fastcasual.com – 6/1/10 – “While there are many trends in the credit and debit card industry, security is the trend that most restaurants should put at the top of their list.”
Merchants, Banks, And The Payment Security World To Unite At PCI Security Standards Council Community Meetings; Details And Dates Announced – www.pcisecuritystandards.org – 6/1/10 – “Today, the PCI Security Standards Council, a global, open industry standards body providing management of the Payment Card Industry Data Security Standard , PIN Transaction Security requirements and the Payment Application Data Security Standard, announced dates and locations for its 2010 Community Meetings, the Council’s annual forums for engaging with Participating Organizations and members of the assessment community on the PCI standards.”
Is U.S. Ready for Chip & PIN?– www.bankinfosecurity.com – 6/1/10 – “Is the U.S. ready for chip and PIN payment card authentication? Or are American financial institutions and merchants too invested in current technologies to even consider such a move?”
Fake a Credit Card– www.wired.com – 6/1/10 – “Fraudsters rack up millions of dollars in merchandise using fake credit cards with legit numbers hacked off the Internet. Detective Bob Watts of Newport Beach PD shows how it's done.”
Payment processing trends: What every operator should know– www.fastcasual.com – 6/1/10 – “While there are many trends in the credit and debit card industry, security is the trend that most restaurants should put at the top of their list.”

May 2010

Geist: Security breach disclosure bill has bark but no bite– www.thestar.com – 5/31/10 – “Last week Industry Minister Tony Clement unveiled two bills touted as important components of the government’s national digital strategy.”
Visa Eases up on Triple DES Deadline in Face of ‘Migration Challenges’– www.digitaltransactions.net – 5/28/10 – “Visa Inc. has “relaxed enforcement” of the July 1, 2010, deadline for petroleum retailers to install software that meets the so-called Triple Data Encryption Standard (also called 3DES or TDES) in response to requests from the major oil companies, including ExxonMobil, the card network said in a statement released this week.”
ITunes security lapse frustrates Apple user– www.cbc.ca – 5/28/10 – “A security breach with Apple's music program iTunes has left a sour note with a once-devoted fan.”
Card skimmer found at Dumbarton bank – www.lennoxherald.co.uk – 5/28/10 – “HUNDREDS of bank customers are at risk from fraud after a card “skimmer” was found attached to a cash machine.”
End-to-End Encryption Security Requirements– spva.org. – 5/27/10 – “Targeted to vendors of POS devices, this guideline sets a baseline for the payments industry and represents the first step to further strengthen payment security standards globally.”
Top Tier Merchants and the Challenge of Card Data Security – www.mercatoradvisorygroup.com – 5/27/10 – “New insight into the issues posed by PCI and card number security for merchant category leaders provides guidance and cautions”
Winter Park Bank Customers Victimized by Skimmer– www.wesh.com – 5/27/10 – “Winter Park Police said two people have come forward to complain about fraudulent activity on their bankcards.”
Secure POS Vendor Alliance Releases End-to-End Encryption Security Requirements– www.spva.org – 5/27/10 – “The Secure POS Vendor Alliance (SPVA), a non-profit business organization founded by Hypercom, Ingenico S.A., and VeriFone today announced the release of its End-to-End Encryption Security Requirements related to payment card data in payment card reading devices.”
Skimming on the increase– www.abc.net.au – 5/27/10 – “The 22 year old Perth resident thought her details were protected and no one else could touch her money until October last year when thieves stole more than $2,000 from her bank account.”
Thieves Steal ATM Data In Winter Park– www.clickorlando.com – 5/27/10 – “Police said thieves have swiped information using card skimmers from automated teller machines across Winter Park.”
Cyber Thieves Rob Treasury Credit Union– krebsonsecurity.com – 5/27/10 – “Organized cyber thieves stole more than $100,000 from a small credit union in Salt Lake City last week, in a brazen online robbery that involved dozens of co-conspirators, KrebsOnSecurity has learned.”
U.S. EMV Conversion Seen As Possible-Eventually– www.paymentssource.com – 5/26/10 – “The day when the United States joins many other large markets globally in converting to EMV chip-and-PIN cards from magnetic stripe versions will not occur any time soon. But it will come eventually, one observer predicts.”
American Express may have failed to encrypt data– www.securecomputing.net.au – 5/26/10 – “American Express may be in hot water after a computer engineer discovered a portion of the card brand's website, which claims to be secure, is sending private information in the clear.”
New PCI Stats Show First Time Drop In Level 1 Compliance– storefrontbacktalk.com – 5/26/10 – “New PCI DSS compliance stats for the U.S. released by Visa on Monday (May 26) showed—for the first time—a drop in the compliance rate for Level 1 retailers, albeit a tiny one, from 96 percent to 95 percent.”
What Will It Take To Make Chip-and-PIN Happen In The U.S.?– storefrontbacktalk.com – 5/24/10 – “Despite an aggressive campaign launched this month by Wal-Mart to push for its adoption, it looks increasingly likely that to have Chip-and-PIN (EMV) adopted in the U.S. will require government intervention.”
Foreign hackers are targeting small business, says BBB– www.hometownsource.com – 05/26/10 – “The Better Business Bureau of Minnesota and North Dakota (BBB) and the Minnesota Cyber Crime Task Force (MCCTF) are issuing a warning to all small businesses that process credit cards.”
American Express may have failed to encrypt data– www.securecomputing.net.au – 05/26/10 – “American Express may be in hot water after a computer engineer discovered a portion of the card brand's website, which claims to be secure, is sending private information in the clear.”
Fighting the Skimming Factor– www.bankinfosecurity.com – 05/25/10 – “Debit card compromises are a growing concern for banks, credit unions and retailers. ATM and POS skimming attacks, as well as database breaches, are growing.”
The Story Behind The Hackers Behind The Largest Credit Card Number Heist– www.techdirt.com – 05/25/10 – “A few years ago, the story broke about how TJX, the corporate parent of a series of retail stores, including TJ Maxx and Marshalls, had suffered a huge data breach, after some hackers had accessed its computer network via an insecure wireless connection at one of the stores.”
Visa General PED Frequently Asked Questions Update for May 2010 – partnernetwork.visa.com – 05/25/10 – “PCI alignment for PIN and PED security represents a partnership to standardize data and device security requirements, testing methodology, and approval processes.”
District food servers charged in theft of patrons' credit card numbers– www.washingtonpost.com – 05/24/10 – “Three servers at the Cheesecake Factory restaurant on Wisconsin Avenue in the District allegedly stole credit card numbers from patrons as part of a scheme that racked up more than $117,000 in fraudulent charges between 2008 and last year, authorities say.”
Ready to Outsmart PCI? New Techs Help IT Comply– analytics.informationweek.com – 05/23/10 – “The PCI Data Security Standard is costly, complex and rigged against the retailers, merchants and processors that must comply with it.”
Local restaurant's computer hacked, customers' card numbers stolen– www.woai.com – 05/22/10 – “The computer system at a local Mexican restaurant was hacked, and investigators believe thieves made off with the credit card numbers of hundreds of customers.”
PCI Compliance Doesn't Have To Be Painful – www.informationweek.com – 05/22/10 – “Two technologies--end-to-end encryption and tokenization--may go a long way toward protecting credit-card data.”
Hotel liability and data security – www.hotelnewsnow.com – 05/21/10 – “In an attempt to understand hotel liability as it pertains to information security, HotelNewsNow.com sought the counsel of Robert Braun, partner with Jeffer Mangels Butler & Marmaro. What follows are his answers to relevant questions on the subject. (This is the sixth installment in a seven-part series about hotel information data security.)”
Aldaco's issues credit card breach alert– www.mysanantonio.com – 05/21/10 – “Blanca Aldaco released a statement and posted on the Aldaco's website(www.aldacos-stoneoak.com) that there has been a data security breach at Aldaco's at Stone Oak.”
Taking Credit Card Security Seriously – www.nacsonline.com – 05/20/10 – “A recent Forbes article addresses PCI DSS, specifically as it relates to compliance by small companies. While larger merchants (as defined by their PCI DSS merchant level) are subject to independent audits of their processes and systems, the smaller merchants instead can rely on a self-assessment questionnaire, "where they essentially grade themselves," according to Forbes.”
Wal-Mart: “It’s Time For Chip-And-PIN In The U.S.”– storefrontbacktalk.com – 05/20/10 – “With major card brands and the banks strongly opposed to Chip-and-PIN efforts in the United States, there’s only one way it’s going to happen–and that happened Wednesday (May 19): Wal-Mart publicly forced the issue.”
Customer finds skimming device at Pasco ATM – suncoastpasco.tbo.com – 05/19/10 – “The Bank of America customer had trouble getting his card into the drive-up ATM on Saturday morning, Pasco County Sheriff's Detective Natalie McSwane said outside the sheriff's administrative offices today.”
Heartland in $41.4M settlement with MasterCard– www.google.com – 05/19/10 – “Heartland Payment Systems Inc., which processes credit card payments, said Wednesday that it will pay MasterCard issuers $41.4 million to settle claims over a 2008 data security breach.”
Heartland, MasterCard Forge a $41 Million Data-Breach Settlement– www.digitaltransactions.net – 05/19/10 – “Continuing its massive clean-up in the wake of the payment card industry’s biggest data breach, merchant acquirer Heartland Payment Systems Inc. late on Wednesday announced a $41.4 million settlement with MasterCard Inc.”
Heartland Payment Systems and MasterCard Agree to $41.4 Million Intrusion Settlement – www.marketwatch.com – 05/19/10 – “Heartland Payment Systems, the nation's fifth largest payments processor, has entered into a settlement agreement with MasterCard Worldwide to resolve claims from MasterCard and its issuers related to the 2008 criminal intrusion into Heartland's payment system environment.”
Nine Arrested In Long Beach Raid – www.contracostatimes.com – 05/19/10 – “Five females and four males were arrested during a raid in Long Beach Tuesday as a result of an investigation into stolen property and drug activity in Manhattan Beach, police said.”
ATM skimmer found in South Yarra– www.abc.net.au – 05/19/10 – “Police are warning people to be vigilant after a skimming device was found attached to an automatic teller machine at South Yarra last week.”
N$11 000 skimmed from credit card– www.namibian.com.na– 05/18/10 – “According to an investigation launched by Bank Windhoek Otjiwarongo, the fraudsters used the cloned Bank Windhoek debit card to buy groceries worth N$4 000 at a Shoprite branch at Rundu.”
Busted German Credit Card Thieves Redefine 'Schadenfreude'– blogs.forbes.com – 05/18/10 – “According to blogger Brian Krebs, a group of hackers have eviscerated an underground hacker forum by posting database dumps of their private information and communication, including email addresses and private messages sent between users.”
Hotel data breaches the result of basic failures within industry– www.hotelnewsnow.com – 05/17/10 – “This is the first installment in a five-part series about hotel information data security.”
Taking Credit Card Security Seriously– www.forbes.com – 05/17/10 – “The easiest way for small businesses to address the information security requirements imposed by credit card companies is the wrong way.”
Bank vs. Business: Judge Rejects Motions– www.bankinfosecurity.com – 05/17/10 – “The judge in the PlainsCapital Bank case struck down the bank's requests to waive a jury trial and to move the case to arbitration.”
PCI: The Threats And The Opportunities For VARs– www.bsminfo.com – 5/16/10 – “For anyone supplying merchants with hardware, software, or services, the Payment Card Industry Data Security Standard (PCI DSS) represents both a profound challenge and a major opportunity.”
Officials: Hacking was outside eatery– www.macon.com – 05/15/10 – “A security breach that has compromised the credit and debit cards of recent customers at the Mellow Mushroom in Warner Robins is believed to have occurred outside the restaurant, police and the restaurant’s lawyer said Friday.
Arrest in India over TJX data theft– www.computerworlduk.com – 05/14/10 – “A Ukrainian man has been arrested in India, in connection with the most notorious hacking incident in US history.”
Three face charges over fake gift card scam– www.democratandchronicle.com – 05/14/10 – “Three people, including two alleged illegal immigrants, face federal charges that they used fake gift cards to steal nearly $200,000 from retailers across the Northeast.”
Malaysians held over B10m ATM card scam– www.bangkokpost.com – 05/14/10 – “Police have arrested two Malaysian men on charges of creating fake ATM cards to withdraw more than 10 million baht from the accounts of more than 100 bank card holders.”
Kinross gran loses savings to card thieves – www.perthshireadvertiser.co.uk – 05/14/10 – “Thieves are using hi-tech equipment to steal funds from Big County residents’ bank accounts – before transferring the cash to the Middle East.”
Credit union blocks debit, credit cards– www.macon.com – 05/14/10 – “Warner Robins-based Robins Federal Credit Union has blocked, because of a breach, about 2,000 debit and credits cards that were used at a local but unknown merchant.”
South Africa card fraud rises – www.iol.co.za – 05/13/10 – “The number of card skimming attempts has increased significantly this year, according to recent statistics released by FNB Credit Card's Fraud department on Thursday.”
Information of 2,000 Robins Credit Union Cardholders is Breached – www.13wmaz.com – 05/13/10 – “Robins Federal Credit Union says credit card and debit card information for 2,000 of its cardholders has been breached -- and the accounts have been blocked because of what the credit union calls "the large amount of fraud."
Encryption: The New Buzzword in Data Security– usa.visa.com – 05/13/10 – “In many data security discussions in the past year, end-to-end encryption has been on the top of the list of emerging technologies that businesses are considering to enhance their own data security.”
New payment security rules may focus on using tokens to mask card data– www.internetretailer.com – 05/13/10 – “41% of payment security professionals polled in a new study say they think upcoming payment security standards slated for release in October will promote turning cardholder data into a token to keep it secure.”
PCI SSC: Understanding the PTS Security Requirements Version 3.0– register.webcastgroup.com – 05/13/10 – “Event Date: Tuesday, May 18, 2010 @ 3:00 PM ET / 12:00 PM PT. This session will provide a detailed explanation of Version 3.0 of the PTS Security Requirements from Jeremy King, PCI SSC PTS working group representative and MasterCard Worldwide Business Leader, Payment System Integrity.”
New Data Breach Law Says Assessor—Not Visa—Has The Final Word– storefrontbacktalk.com – 05/12/10 – “One of the top ongoing concerns about PCI compliance—the absence of a true safe harbor—has been obliterated in the state of Washington, thanks to a new law signed by Gov. Chris Gregoire.”
PCI Issues New POS Standard– www.bankinfosecurity.com – 05/12/10 – “A new measure to strengthen credit card data protection was released by the PCI Security Standards Council today.”
Picante restaurant is victim of credit card scam– www.berkeleyside.com – 05/12/10 – “Picante, the popular Mexican restaurant on 6th Street, has been the target of an international credit card fraud operation, its owner says today.”
You could be handing your bank info to a thief– www.abc15.com – 05/12/10 – “They're easy and convenient and if you watch your balance using a debit card instead of credit is a good way to manage your money. But at what price?”
Data-Breach Risks Rise With Social Networking, Mobile-Payment App Use– www.americanbanker.com – 05/12/10 – “The fast growth of social-networking sites containing users' personal information is drawing concern from some payment data-security experts who say the risk of exposing consumers' sensitive data is rising.”
Police search for suspected ATM scammer– www.wptv.com – 5/12/10 – “Police are on the lookout for a man they say is using a skimmer to steal ATM numbers and drain victims' bank accounts.”
Inside the TJX/Heartland Investigations– www.bankinfosecurity.com – 5/11/10 – “With the recent sentencing of the last of Albert Gonzalez' co-conspirators in the TJX and Heartland data breaches, a long, hard criminal investigation comes to a close.”
Delray Beach Police Search For ATM Skimmer– www.wpbf.com – 05/11/10 – “Police in Delray Beach are searching for a man they said stole at least $1,000 in cash from ATMs using "skimmed" card information.”
Criminals find a gold mine in stolen debit card numbers– www.vancouversun.com – 05/11/10 – “They’re organized criminals, but they don’t tattoo gang names on their bodies, they don’t wear colours, and they don’t come up with snappy names.
Shanghai police crack down on credit card fraud– english.peopledaily.com.cn – 05/11/10 – “Police in Shanghai on Monday vowed to crack down on credit card fraud by foreigners as statistics revealed that large-scale international fairs like the Expo tend to attract card scammers to the host city.”
Card skimmer found at Tesco cash machine– www.thisisnorthdevon.co.uk – 05/11/10 – “Fraudsters have been using a "card skimmer" to try to rip off people using a cash machine at Tesco in Barnstaple.”
Card cloning device found at Barnstaple cash machine– news.bbc.co.uk – 05/11/10 – “A device which clones the details of debit and credit cards has been removed from a Barnstaple cash machine.”
Visa fraud alert puts banks, payment processors on guard– www.computerworld.com – 05/11/10 – “Visa Inc. last week sent a fraud alert to banks and payment processors warning them to look out for a "large batch settlement fraud scheme" involving a merchant account in East Europe.”
Hack Pack. The biggest identity theft case ever. right here in Miami. – www.miaminewtimes.com – 05/10/10 – “Andres Torres was dozing on a couch with the blinds drawn when he heard a chorus of boots pounding the stairs.”
ATM Hack Demo Planned For Black Hat – www.informationweek.com – 05/10/10 – “A banned demonstration of remote and local ATM vulnerability exploits is set to resurface at the Black Hat Security Conference July 24th - July 29th in Las Vegas.”
Heartland breach expenses pegged at $140M -- so far– www.computerworld.com – 05/10/10 – “The costs to Heartland Payment Systems Inc. from the massive data breach that it disclosed in January 2009 appear to be steadily adding up.”
Laval police stop phoney debit-card scam– www.globalsaskatoon.com – 05/10/10 – “Laval police say they have broken up a fraudulant debit-card ring.”
Coder Journeys From Wall Street to Prison– www.wired.com – 05/07/10 – “More than a month has elapsed since the years-long investigation and prosecution of TJX hacker Albert Gonzalez came to a dramatic end, with Gonzalez sentenced to 20 years in prison for the largest identity-theft case in U.S. history.”
Even Vendors See a Far-off Horizon for End-to-End Encryption– www.digitaltransactions.net – 05/07/10 – “End-to-end encryption of payment card data is all the rage among vendors to the merchant-acquiring industry, but vendors themselves believe it will take a long time for merchants to begin using their new technology.”
Heartland Breach: Consumer Settlement Proposed– www.bankinfosecurity.com – 05/0610 – “A proposed settlement of the consumer class action suit brought against payments processor Heartland Payments System got preliminary approval from a U.S. District Court judge in late April.”
Police: no leads in card-skimmer planting – www.northjersey.com – 05/06/10 – “The owner of the Exxon Mobile gas station on Pompton Avenue in Cedar Grove on Monday sought the speedy investigation of the two electronic card-skimming gadgets discovered attached to the station’s gas pumps last week.”
Building Trust and Growing the Brand: The Role of Privacy and Security in Retail 2010– www.retailsystemsresearch.com – 05/06/10 – “Retailers need customer data to respond more quickly to changes in demand patterns, to reduce out-of-stocks, to match product offerings with customers who want to buy them, and to improve their service to customers. But customer-specific information can go well beyond transactional sales data.”
Debit card fraud hits Hawkesbury, at least 130 clients affected– thereview.ca – 05/05/10 – “A large-scale debit card skimming operation in Hawkesbury resulted in significant financial withdrawals from the bank accounts of at least 130 Hawkesbury-area clients last weekend, according to the Ontario Provincial Police (OPP).”
Police seek information on card skimmer– dailyme.com – 05/05/10 – “Police are asking for help identifying an unknown suspect believed to be using a device that steals bank card numbers and pin codes from ATM machines in several western states to withdraw money from Vancouver-area machines.
End-to-End Encryption in Card Payments: An Introduction– www.aitegroup.com – 05/05/10 – “Vendors perceive merchants to be as likely to purchase E2EE solutions to offload PCI DDS requirements as they are to secure card data.”
Secret Service: ATM Card Skimming Five Times Higher This Year– advice.cio.com – 05/05/10 – “ATM skimming is approaching a billion-dollar issue. ATM skimming is happening coast to coast and there seems to be no end in sight.”
Reno police warn of gas station credit fraud– www.rgj.com – 05/04/10 – “Reno police say the arrest of two suspects in California ended a series of more than 100 thefts of credit card information at local gas stations in February.”
Nevada Specifies New Details For Encryption: What you Need to Know– www.brighttalk.com – 05/04/10 – “Nevada's Senate Bill No. 227 which came into effect on January 1, 2010, brings a surprising degree of specificity to defining encryption; encryption is the "protection of data in electronic or optimal form, in storage or in transit".”
Bank account thefts are traced to alleged snooping at drive-up– www.telegram.com – 05/04/10 – “The man waiting in the automated teller machine drive-up line looked like any other customer. But authorities said he was really peering at customers, eying their PIN numbers then stealing cash from their accounts.”
PCI compliance encryption includes hardening key management systems– searchsecurity.techtarget.com – 05/03/10 – “As companies deploy encryption to protect cardholder data, French security giant, Thales Group is making the case for hardware security modules (HSMs) to protect the underlying key management systems at the heart of all encryption systems.”
A ‘Russian roulette’ of risk results after data breaches- www.kansascity.com – 05/01/10 – “Even after an investigation by federal agents, the mystery lingers over how crooks stole credit card numbers from Llywelyn’s Pub.
Credit Card Fraud Syndicate Arrested – en.vivanews.com – 4/29/10 – “Fiscal, Monetary, and Foreign Exchange Unit of the Directorate of Crime and Investigation of Special Crimes of Jakarta Police Department arrested a credit card fraud syndicate.”

April 2010

Announce A Data Breach And Say It's No Big Deal?– www.cbsnews.com – 04/30/10 – “Data Breach Etiquette Rule #8: The moment you announce you screwed up and exposed customers’ payment data to cyberthieves is a really bad time to lecture customers that “it’s a lot less bad than it looks” and that “it’s important to remember you’re never responsible if someone uses your credit card without your permission.””
PCI council launches certification program for IT staff– www.computerworld.com – 04/30/10 – “The organization responsible for administering the Payment Card Industry Data Security Standard (PCI DSS) has launched a new program to help enterprises conduct self-assessments of their compliance with the standard.”
Two men face 300 charges in credit scam– www.edmontonjournal.com – 04/30/10 – “Edmonton police have laid more than 300 charges against two men in connection with a series of frauds involving counterfeit or stolen credit cards, bank cards, SIN cards and citizenship certificates.
Jakarta Cops Bust Credit Card Skimmer Suspects– www.thejakartaglobe.com – 04/29/10 – “Jakarta Police have arrested three people believed to be part of a sophisticated credit card fraud ring that allegedly swindled US and European nationals.”
What's wrong with the PCI security standard– www.sfgate.com – 04/29/10 – “The security standard used to protect credit cards isn't up to the task and upgrades that are planned for this fall do virtually nothing to improve it, a security expert told Interop attendees this week.”
Inside the TJX/Heartland Investigations– www.bankinfosecurity.com – 04/29/10 – “In an exclusive interview, Kim Peretti, former senior counsel with the Department of Justice, offers an inside look at these investigations.”
Retailers to Banks: Give Us Chip and PIN, Electronic Checks– www.banktech.com – 04/29/10 – “Executives at three of the largest payment-generating retailers — Walmart, Best Buy and T-Mobile — were on hand at the NACHA Payments conference this week to tell bankers what they want and the trends they see on the horizon.”
Retailers to Banks: Give Us Chip and PIN, Electronic Checks– www.banktech.com – 04/29/10 – “Executives at three of the largest payment-generating retailers — Walmart, Best Buy and T-Mobile — were on hand at the NACHA Payments conference this week to tell bankers what they want and the trends they see on the horizon.”
RBS chief victim of credit card fraud – www.walesonline.co.uk – 04/29/10 – “Banking chief Sir Philip Hampton has been a victim of credit card fraud, he revealed. The RBS chairman said his card details have been stolen two or three times by people in remote parts of the world he has never visited.”
Announcing A Data Breach And Saying It’s No Big Deal: Bad Move, Blippy– storefrontbacktalk.com – 04/29/10 – “On Friday (April 23), Kaplan announced on the company’s blog that four customers had their credit card numbers exposed on the site because Google cached some of its early testing. For some reason, Blippy publicly tested with live payment card numbers.”
Did Retailers Learn Any Lessons From Gonzalez?– storefrontbacktalk.com – 04/29/10 – “Albert Gonzalez succeeded—for several years, at least—as arguably the world’s most effective cyberthief, breaking into many of the largest retail chains (Target, 7-Eleven, TJX, JCPenney, Sports Authority, etc.).”
Blippy Fiasco Shows PCI Applies To Everybody—At Least It Should– www.storefrontbacktalk.com – 04/29/10 – “In our increasingly strange new world of social networking and mobile commerce, a whole range of unexpected places will need to deal with PCI DSS.”
Credit Card Fraud Syndicate Arrested – en.vivanews.com – 4/29/10 – “Fiscal, Monetary, and Foreign Exchange Unit of the Directorate of Crime and Investigation of Special Crimes of Jakarta Police Department arrested a credit card fraud syndicate.”
Cops: skimming devices were 'secreted' in gas pumps – www.northjersey.com – 4/29/10 – “Police are asking drivers who’ve gassed up at the Cedar Grove Exxon on Pompton Avenue in recent days to check their bank and credit statements for billing irregularities.”
What's wrong with the PCI security standard – www.networkworld.com – 04/29/10 – “The security standard used to protect credit cards isn't up to the task and upgrades that are planned for this fall do virtually nothing to improve it, a security expert told Interop attendees this week.”
Costs Of Data Breaches Much Higher In U.S. Than In Other Countries, Study Says – www.darkreading.com – 04/28/10 – “A data breach in the United States could cost enterprises twice as much as the same breach costs companies in other countries with less stringent disclosure and notification laws, according to a study published today.”
Debit card skimming scheme busted– www.globaltvcalgary.com – 04/28/10 – “Police have busted a sophisticated debit card skimming scheme and charged two Ontarians.”
Infosec 2010: What is lost data actually worth? – www.v3.co.uk – 04/28/10 – “With the Information Commissioner's Office (ICO) now able to fine firms up to £500,000 for any data losses, and more information than ever being stored, the safeguarding of that data is a major concern for all businesses.”
Engaging Your Staff in Data Protection– itmanagement.earthweb.com – 04/28/10 – “As security experts know all too well, staff knowingly and intentionally circumvent your carefully designed security protocols.”
Report: Tier 1 Merchants Pay $122,000 More For PCI Assessments – www.darkreading.com – 04/27/10 – “When it comes to annual costs for PCI assessments, not all engagements are created equal: Larger, Tier 1 merchants pay an average of $122,000 more, according to a survey of PCI qualified security assessors (QSAs) released today.”
InfoSec 2010: Europe to mandate reporting of serious breaches– www.v3.co.uk – 04/27/10 – “Organisations could soon be forced to report all serious data breaches to the Information Commissioner's Office (ICO), as part of an upcoming review of a European Union directive on the reporting of data losses.”
U.S. businesses face skimming fraud increase– www.scmagazineus.com – 4/27/10 – “U.S. banks are grappling with a recent increase in skimming attacks, which are being carried out by Eastern European gangs aiming to steal consumer bank account numbers and PINs, according to a Gartner analyst.”
ATM skimming gear busted by bank customer– www.cbc.ca – 4/27/10 – “Calgary police have arrested two Ontario men in what they described as a sophisticated operation targeting debit information at bank machines across Canada."
U.S. businesses face skimming fraud increase– www.scmagazineus.com – 4/27/10 – “U.S. banks are grappling with a recent increase in skimming attacks, which are being carried out by Eastern European gangs aiming to steal consumer bank account numbers and PINs, according to a Gartner analyst.”
Card skimmers jailed – fraudblog.dilloninvestigates.com – 4/27/10 – “Three card-skimmers ended up before the courts in Dublin in the last week. Nita Florin (35) is awaiting sentence after being caught with fake bank statements, driver's licence, passport and tax forms.”
Skimming discovered at bustling BMO Centre– www.metronews.ca – 4/27/10 – “Police say a quick-thinking man alerted them to an alleged debit skimming scheme at a busy BMO Centre over the weekend.”
Same bank machine targeted twice by skimmers– calgary.ctv.ca – 4/27/10 – “Police are investigating two card skimming cases that happened days apart at the same bank machine.”
Police arrest two people in Whitby credit card fraud– toronto.ctv.ca – 4/26/10 – “Durham Regional police say they have arrested two people and are looking for two more in connection with a continuing credit card fraud scheme in Whitby.”
Blippy to hire CSO, conduct audits after credit card breach– www.scmagazineus.com – 4/26/10 – “Blippy, a Silcon Valley start-up that enables users to share details in real time about purchases they make, plans to invest millions in information security following revelations that it exposed the credit card numbers of a small number of people through Google's search index.”
Women Accused of ATM Skimming Arraigned– darien.danville.patch.com – 4/24/10 – “Three Romanian women from New York were arraigned in Stamford Superior Court Friday on charges that stem from an ATM skimming incident that took place at People's Bank in downtown Darien the morning prior.”
Local debit cards affected in breach– www.wlfi.com – 4/24/10 – “Lafayette police say a national debit card security breach is hitting close to home.”
Blippy.com exposes users' credit and debit card numbers in security breach – latimesblogs.latimes.com – 4/23/10 – “August Capital partner David Hornik just announced on Blippy.com that he ponied up $8 million to lead a second round of funding for the controversial new website that shares credit card and online purchases with friends on the Web.”
Perth ATM users warned to be vigilant– www.perthshireadvertiser.co.uk – 4/23/10 – “Police are warning Perth bank customers to exercise extreme caution following the discovery of two covert card-reading devices on ATMs.”
Pub Looking Into Credit Card 'Processing Error'– www.wlky.com – 4/22/10 – “An investigation is under way following several incidents of credit card fraud. Louisville Metro Police told WLKY the U.S. Secret Service is investigating this case.”
PCI Compliance: Are U.K. Businesses Ready? – www.nacsonline.com. – 4/22/10 – “A new white paper released by CIO Business Technology Leadership reveals that U.K. businesses lag far behind their U.S. colleagues in meeting PCI security standards, with only 11 percent of U.K. organizations currently certified as PCI compliant.”
Two Romanian nationals charged with stealing bank account numbers – www.post-gazette.com – 4/21/10 – “Two Romanian nationals are in federal custody for allegedly using card skimmers to steal the account numbers from PNC Bank card users and then using those accounts to spend some $200,000.”
A Merchant Processing Score: The Anti-PCI– www.storefrontbacktalk.com – 4/21/10 – “Consider this scenario: You’re nervous. It’s the last day of a month-long assessment done by your Acquirer. They have had a team of IT forensics people booked in a conference room at your offices for the last 30 days, tearing apart your IT environment.”
TJX Adds Again To Its Breach Cost, But It Doesn’t Really Matter– www.storefrontbacktalk.com – 4/21/10 – “With TJX having suffered well more than $47 million in out-of-pocket expenses from its infamous data breach (announced in 2006 but beginning as early as 2003), the $20 billion retailer is preparing to write still more checks.”
Are Physical Attacks On POS PIN Pads On The Rise? Using Distance As A Defense– www.storefrontbacktalk.com – 4/21/10 – “One of the oldest tenets in security is that professional thieves will always attack the perceived weak point of security. A burglar will hit the back door until it’s reinforced with multiple deadbolts and then he’ll turn to the window.”
Tri Counties Bank says VISA credit breach is concern for its customers– www.chicoer.com – 4/21/10 – “Tri Counties Bank confirmed Wednesday it has sent out certified letters to at least 220 customers whose VISA credit and debit card information may have been illegally obtained.”
Two Romanian nationals charged with stealing bank account numbers– www.post-gazette.com – 4/21/10 – “Two Romanian nationals are in federal custody for allegedly using card skimmers to steal the account numbers from PNC Bank card users and then using those accounts to spend some $200,000.”
SCAM ALERT: Business credit card machine hacked; fraudulent purchases made– www.kfvs12.com/ – 4/20/10 – “Several area residents have come forward saying someone made fraudulent charges on their account.”
Credit Card Scammers Hit Walmart for $250,000– www.risnews.com – 4/20/10 – “Three cashiers were arrested for stealing more than $250,000 from a Walmart where they were employed.”
Injection tops list of web application security risks– www.securecomputing.net.au – 4/20/10 – “Injection flaws, particularly of the SQL kind, are now the most critical web application security risk for enterprises, according to a newly-updated report from the Open Web Application Security Project (OWASP).”
Quantum cryptography takes a step forward– www.securecomputing.net.au – 4/20/10 – “The next stage of encryption could be upon us after tests of quantum cryptography had a successful operation.”
The Security Conundrum – Part 1: The Puzzle– pymnts.com – 4/20/10 – “In recent weeks I have picked a number of conversation threads on the on-going difficulties of securing transactions, such as the recent PYMNTS.com posts of Mohammad Khan and Jack Jania or the ANSI X9 call for new standards to secure debit transactions.”
Mass. Eye and Ear Alerts Patients to Laptop Theft and Data Breach – www.newswise.com – 4/20/10 – “On February 19, 2010, a laptop belonging to a physician affiliated with the Massachusetts Eye and Ear Infirmary was stolen while the physician was lecturing in South Korea.”
Report: 10 percent of fraud victims fall victim to bogus ATM withdrawals– www.securityinfowatch.com – 4/19/10 – “According to a new report released earlier this month by Javelin Strategy & Research on ATM and PIN fraud, 10 percent of fraud victims in the U.S. experience fraudulent ATM cash withdrawals.”
Police Warn Regulator Over POS-System Hacking– www.paymentssource.com – 4/19/10 – “Korean federal police are asking the Financial Supervisory Service of Korea to ensure card issuers heighten credit card security, an official from the regulator confirms to PaymentsSource.”
Hancock Breach Reveals New Trend– www.bankinfosecurity.com – 4/19/10 – “The Hancock Fabrics data breach continues to raise new questions about the security of point of sale (POS) devices at retail stores.”
Security: 10 Most Dangerous Web App Security Risks– www.eweek.com – 4/19/10 – “With Web applications remaining a popular target for attackers, Web app security sometimes seems like a digital version of the "Good, the Bad and the Ugly.”
More than 100 report credit card fraud in Cedar Falls– wcfcourier.com – 4/18/10 – “Reports of credit card fraud keep rolling into the Cedar Falls police department. About 100 victims had come forward as of noon Wednesday, said Police Chief Jeff Olson.”
Paradise lost: a decade of data breaches– www.computerworld.com.au – 4/19/10 – “Do you think the moat around Australia extends around your business and hackers won’t target you? It doesn’t, and research says data breaches will be the elephant-in-the-conference-room at your next IT meet.”
Man charged for importing card skimmers– www.securecomputing.net.au/ – 4/19/10 – “Australian Customs won a small victory in the fight against bank fraud, arresting a 23-year-old Chinese man arriving at Brisbane International Airport late last week who was allegedly carrying tools used to "skim" bank cards.”
Card gang strike at Tesco store– www.portsmouth.co.uk – 4/16/10 – “Polise are hunting a gang who stole thousands of pounds by putting a card skimmer on a cash machine at a Tesco store on Hayling Island.”
Post-TJX: More Cooperation Needed– www.bankinfosecurity.com – 4/16/10 – “As the final chapter of the TJX data breach draws to a close with the sentencing of the last hacking conspirator, security experts say greater international cooperation is necessary to prevent future incidents.”
Final Conspirator in Credit Card Hacking Ring Gets 5 Years– www.wired.com – 4/15/10 – “Damon Patrick Toey, the “trusted subordinate” of TJX hacker Albert Gonzalez, was sentenced in Boston on Thursday to 5 years in prison.
Secret Service urges caution after discovery of credit card skimming scheme– www.independentmail.com – 4/15/10 – “The United States Secret Service says it has found evidence of an international credit and debit card fraud scheme in South Carolina and is urging consumers to exercise caution.”
The Latest PCI Compliance Stats Disappointing For Level 3s– www.storefrontbacktalk.com – 4/14/10 – “The latest PCI compliance stats—released by Visa this month—are a mixed bag, with Level 1s plateauing at about 15 major chains still non-compliant. But at the small and midsize merchant level, the numbers are so unimpressive that Visa has given up specifying the numbers. Not a good sign.”
Brokerage coughs up $375,000 for website breach– www.theregister.co.uk – 4/14/10 – “US brokerage D.A. Davidson has agreed to pay $375,000 to settle charges that lax security practices allowed criminal hackers from Latvia to pilfer the confidential information of some 192,000 of its customers.”
Credit card skimmer discovered in Wachovia ATM in Rockville location– www.gazette.net – 4/14/10 – “Cases of a hard-to-detect form of credit card fraud are showing up more frequently in the Washington, D.C., region, police say, including a recent case in Rockville, where a skimming device that reads encrypted credit card data was found in a Wachovia Bank branch Automated Teller Machine.”
New PCI Changes: Network Segmentation, One-Way PAN Hashing– www.storefrontbacktalk.com – 4/14/10 – “When the new version of PCI becomes the law of the card-processing land in October, it will include new rules and clarifications on a wide range of key retail payment complaints.”
PCI Rules Uncovered– www.verticalsystemsreseller.com – 4/12/10 – “Payment card industry (PCI) security. If one term and its related acronyms have been bandied about the channel and beyond over the past few years, this is it.”
Ingenico and Element Form a Strategic Partnership to Secure End-to-End Transaction Processing– www.marketwatch.com – 4/13/10 – “Ingenico, the leading worldwide provider of payment solutions, announced today that it has partnered with Element Payment Services, Inc., a leading provider of PCI DSS compliant payment processing solutions to software providers and merchants.”
ATM fraud losses down 36 per cent – www.cpifinancial.net – 4/13/10 – “EAST reports a 36 per cent drop in ATM related fraud losses in 2009, with total losses of $425 million reported. Overall ATM related fraud attacks rose eight per cent with a total of 13,269 incidents reported (up from 12,278 incidents in 2008). This rise has been led by a 209 per cent increase in the number of cases of card trapping (up to 2,166 incidents from 701 in 2008).”
Hypercom and First Data Team to Step Up Payment Industry’s Attack on Card Data Fraud – www.businesswire.com/ – 4/12/10 – “High security electronic payment and digital transactions solutions provider Hypercom Corporation and First Data Corporation today announced that First Data has approved Hypercom as an encrypting service organization for remote key injection and that Hypercom’s HyperSafe® Remote Key System will be available through First Data’s TASQ Technology.”
Malaysian man wanted over alleged $50 million card-skimming operation in Victoria arrested at Darwin airport– www.heraldsun.com.au – 4/13/10 – “The man had been implicated in a syndicate which allegedly stole money from Victorian teller machines, using data stolen from interstate bank account-holders.”
Does New Breach Law Have Teeth?– www.bankinfosecurity.com – 4/12/10 – “In response to the Heartland Payment Systems data breach and similar incidents, Washington has become the third state to pass legislation incorporating the Payment Card Industry Data Security Standard (PCI) to help financial institutions recover costs from credit/debit card breaches.”
Man-in-the-Middle Attacks against SSL– www.schneier.com – 4/12/10 – “A decade ago, I observed that commercial certificate authorities protect you from anyone from whom they are unwilling to take money. That turns out to be wrong; they don't even do that much.”
Elizabeth Residents Charged In Identity Theft Scheme– njtoday.net – 4/12/10 – “An Elizabeth man and his girlfriend have been indicted for their roles in a scheme to steal other people’s identities and engage in credit card fraud, Attorney General Paula T. Dow and Criminal Justice Director Stephen J. Taylor announced.”
U.S. Dept. of Justice on Emerging Threats: Lessons from TJX, Heartland, and Other Breaches– www.bankinfosecurity.com – 4/10/10 – “Trends in debit and other payment card thefts;Lessons learned from recent breaches; Evolution of breach prosecutions; Steps you can take to avoid being the next victim.”
Payment Card Trapping Rises in Europe– www.pcworld.com – 4/8/10 – “Criminals are increasingly trying to trap debit and other payment cards within cash machines for later retrieval, according to a new report.”
Video: Data breaches to cost more in the cloud– www.securecomputing.net.au – 4/9/10 – “Remedying a data breach costs 40 percent more for businesses that store their data offshore, a study of Australian incidents has found.”
Report: ATM fraud on the rise– www.scmagazineus.com – 4/8/10 – “Nearly one in five debit or credit card fraud victims reported having their PIN information stolen in 2009 – which represents a “considerable increase” over 2008, according to a report released Tuesday by Javelin Strategy & Research.”
Lengthy jail term would waste fraudster's intellect: lawyer – www.timescolonist.com – 4/8/10 – “A co-founder of a Bank Street business that sold devices to forge bank cards was a "middle man" who acted more like a "petulant teenager" than the mastermind of a sophisticated criminal organization, his lawyer argued Thursday.”
Romanian police and FBI break up 70-strong eBay fraud ring– www.securecomputing.net.au – 4/8/10 – “Romanian authorities, in conjunction with US law enforcement, have arrested 70 individuals from three different organised cybercrime groups on charges they perpetrated online auction scams that targeted eBay users.”
BofA Insider to Plead Guilty to Hacking ATMs– www.pcworld.com – 4/7/10 – “A Bank of America computer specialist is set to plead guilty to charges that he hacked the bank's automated tellers to dispense cash without recording the activity.”
Stop the Madness! Payment Apps are on the iPad too soon– blogs.forrester.com – 4/7/10 – “Even though the iPad is barely birthed, there is already a push to provide payment applications for the device. It's time to pull the emergency brake on this trend. Are these applications PA-DSS certified?”
Police alerted to card skimmer – www.piquenewsmagazine.com – 4/7/10 – “Despite most banks switching over to cards with chips, thieves haven't given up trying to steal bank card numbers and pin codes.”
PCI Compliance Is Good; Data Security Is Better – www.storefrontbacktalk.com – 4/7/10 – “If you are like many CIOs, a lot of your security budget is driven by compliance requirements, including PCI DSS. Although many merchants feel they are secure once they achieve PCI compliance, that is not necessarily true.”
Key Logger: Key Stroke and Screen Capture– usa.visa.com/ – 4/7/10 – “To promote the security and integrity of the payment system, Visa is committed to helping clients and payment system participants better understand their responsibilities related to securing cardholder data and protecting the payment industry.”
Javelin report: ATM attacks growing in sophistication – searchfinancialsecurity.techtarget.com – 4/6/10 – “ATM attacks have shifted from basic skimming into attacks on ATM software and ATM networks, fraudulent mobile alerts, and account takeover via stolen information and call centers, according to a report released Tuesday by Javelin Strategy & Research.”
Credit Card Skimmer Bust– www.myfoxny.com – 4/6/10 – “Two restaurant workers are accused of using a credit-card skimmer to steal about $60,000 from customers.”
Police lay more EFTPOS skimming charges– www.securecomputing.net.au – 4/6/10 – “Police have laid charges against two men in NSW and Queensland over their alleged involvement in EFTPOS skimming scams.”
PCI Council readying end-to-end encryption guidance– searchsecurity.techtarget.com – 4/6/10 – “The PCI Security Standards Council is studying a number of emerging technologies and plans to issue a guidance document on end-to-end encryption when it releases the next version of the PCI Data Security Standards (PCI DSS), due out in October.”
Stillwater / Restaurant warns of credit breach– www.twincities.com – 4/6/10 – “More than a dozen people who visited Mad Capper Saloon & Eatery in downtown Stillwater in the past few weeks may have had their credit card information stolen by a thief who apparently obtained the numbers via an unsecured router.”
Case postponed for phishing scame suspects– www.thepost.co.za – 4/6/10 – “The bail application of two Nigerian men allegedly involved in a phishing scam that stole up to R55 million from Internet bankers was postponed to the end of the month, Pretoria police said on Tuesday.”
Police nab alleged card skimmers– www.couriermail.com.au – 4/6/10 – “An alleged EFTPOS skimmer poised to commit mass credit and savings card fraud across Queensland has been charged.”
Oxford County : Debit Card Skimmer Found in Tillsonburg– www.cd989.com – 4/6/10 – “If you used the TD bank machine at the Tillsonburg Town Centre Mall today, OPP are asking you to check your bank records.”
Visa reports rise in retail terminal key-logger attacks– www.bankingtimes.co.uk – 4/6/10 – “Visa has recently alerted its transaction processing members and their clients to an increase in keylogger attacks involving retailers.”
Madison County detectives solve ID theft cases; victims ate at same restaurant– www.bnd.com – 4/5/10 – “Madison County sheriff's detectives say their big break in solving a string of identity-theft cases was when they learned all four victims dined recently at the same restaurant.”
ATM card skimmer found in Rockville– voices.washingtonpost.com – 4/5/10 – “Rockville Police found a skimming device used to capture bank card numbers on a Wachovia Bank automated teller machine Saturday night, NBC 4 reports.”
St. Louis man charged with ID theft– www.thetelegraph.com – 4/5/10 – “Madison County sheriff's deputies have tracked down and arrested a man from St. Louis suspected of "skimming" information from credit cards at an Alton restaurant.”
Ocoee Publix Employees Find Skimmer On ATM– www.wesh.com/ – 4/2/10 – “Employees at one Orange County Publix said they found a skimming device on the store's ATM.”
Skimming Device Found On ATM At Publix – www.wftv.com – 4/2/10 – “At a busy Publix store, an identity thief put a skimming device on an ATM. Police aren't even sure how many victims may have had their bank information stolen."
MasterCard Launches 3 New PCI 360 Webinar Modules – www.iian.ibeam.com – 4/1/10 – “MasterCard takes a look into PCI, its stakeholders, and what it means to be PCI compliant. This module specifically discusses the role of MasterCard with the PCI SSC, the Site Data Protection Program and the PCI 360 Education Program."
The Fatally Flawed Assumptions In The Gonzalez Case – www.storefrontbacktalk.com – 4/1/10 – “As attorneys and retailers argued recently about the sentencing and secrecy of Albert Gonzalez’s criminal empire, various fundamental retail realities were forgotten."
JCPenney’s Breach: Differences From Feds, Gonzalez, JCPenney Itself – www.storefrontbacktalk.com – 4/1/10 – “In November 2007, Albert Gonzalez’s crew was in the midst of hitting their laundry list of major retailers when they used their SQL attack on JCPenney. But just how deep they penetrated the $18 billion clothing chain is unclear, with the Justice Department, JCPenney and intercepted messages from Gonzalez IM conversations all painting very different pictures."
Scammers Use iPhone to Plan Crime– www.cultofmac.com – 4/1/10 – “Two men charged in federal court with planting credit card skimmers at gas stations used an iPhone to plan the crime.”
Gonzalez Sentence Is No Deterrent to Hackers, Security Expert Warns– www.digitaltransactions.net – 4/1/10 – “The 20-year sentence imposed last week on Albert Gonzalez of Miami, the computer hacker who led the attack on Heartland Payment Systems, TJX Cos., and other major retailers, won’t deter future data breaches, a security expert says.”

March 2010

Credit card skimming scam suspected in Berkeley – articles.sfgate.com – 3/31/10 – “Berkeley police are probing thefts of credit card and debit card information that may be the work of criminals known as skimmers, officials said Tuesday.”
Budgeting For A Data Breach – www.storefrontbacktalk.com – 3/31/10 – “It has been said that there are two kinds of systems in this world: Those that have been breached, and those that are going to be breached. If this premise is true, doesn’t it make sense for CIOs to budget for a serious data breach or similar contingency?"
Tokenization: Cut Data Loss Incidents – www.aberdeen.com – 4/1/10 – “Better Evaluate Solutions Technology solution providers and payment processors have recently aligned to promote alternatives - including tokenization and end-to-end encryption - for the protection or elimination of stored cardholder data throughout the payment processing lifecycle."
Merchant Link, AJB Software Design Partner for TransactionVault – www.paymentsnews.com – 3/31/10 – “Merchant Link has announced that it has partnered with AJB Software Design, a provider of electronic payment authorization and data delivery solutions, to integrate Merchant Link’s TransactionVault, a tokenization technology to remove customer credit card data at the point of sale."
Hosted Payment Pages and Fields – paymentsviews.com – 3/31/10 – “As a volunteer at several non-profits, I have, of course, jumped or gotten pulled into those organizations’ payment issues."
Whitepaper: CyberSource Enterprise Payment – forms.cybersource.com – 3/31/10 – “In this whitepaper, you’ll see why three popular payment security myths have impeded many companies from seeing a path to Enterprise Payment Security 2.0, and what you can do to get your company on track."
Card Skimmer Used at Eden Prairie ATM – www.myfoxtwincities.com– 3/30/10 – “Police in Eden Prairie, Minnesota are warning of credit card skimmers at ATM machines after a card scanner fell off a machine earlier this month.”Tokenization eases merchant PCI compliance– www.computerworld.com – 3/30/10 – “Today, it's expected that merchants accept electronic payments and that those payments are secure with no data leaks or breaches of any kind.”
Second credit-card 'skimmer' sentenced in Maplewood case – www.twincities.com – 3/30/10 – “A second man has been sentenced in federal court for helping orchestrate a scheme to alter lost and stolen credit cards by attaching a "skimming device" to ATMs, including a machine at the TCF Bank in Maplewood."
Credit card skimming scam suspected in Berkeley – www.sfgate.com – 3/30/10 – “Berkeley police are probing thefts of credit card and debit card information that may be the work of criminals known as skimmers, officials said Tuesday."
Government Stops Shielding Corporate Breach ‘Victims’ – www.wired.com – 3/30/10 – “For the past few months, national retailer J.C. Penney has been fighting an under-seal court battle to keep you from knowing that its payment card network was breached by U.S. and Eastern European hackers."
Ohio Skimming Scam Nets $50K – www.bankinfosecurity.com – 3/30/10 – “An ATM skimming gang hit a Norwood, Ohio bank and stole $50,000 from more than 120 customer accounts."
Credit Card Skimmer Used at US Bank ATM in Eden Prairie – www.myfoxtwincities.com – 3/30/10 – “Police in Eden Prairie, Minnesota are warning of credit card skimmers at ATM machines after a card scanner fell off a machine earlier this month."
JC Penney Tried to Block Publication of Data Breach – www.pcworld.com – 3/30/10 – “Retailer JC Penney fought to keep its name secret during court proceedings related to the largest breach of credit card data on record, according to documents unsealed on Monday."
Aberdeen Group Recommends End To End Encryption to All Merchants – retailpayments.blogspot.com – 3/30/10 – “In November 2009, Aberdeen Group published their research paper titled, “The 2009 PCI DSS and Protecting Cardholder Data Report.”
State Security Breach Notification Laws – www.ncsl.org – 3/30/10 – “Forty-five states, the District of Columbia, Puerto Rico and the Virgin Islands have enacted legislation requiring notification of security breaches involving personal information."
Bank Employee Finds Skimmer On ATM – www.clickorlando.com – 3/29/10 – “A bank employee noticed a "skimmer" on another Central Florida branch's ATM, prompting a police investigation."
Aite Group: E2EE is the best fraud protection technology available today – retailpayments.blogspot.com – 3/29/10 – “Aite Group published a report in March 2010, titled “Card Fraud in the United States: The Case for Encryption."
TJX Accomplice Sentenced to 7 Years in Prison – www.wired.com – 3/29/10 – “A hacker who helped TJX hacker Albert Gonzalez and others gain access to corporate networks was sentenced to 7 years and one day on Monday."
Skimmer Found On Daytona Beach ATM – www.wesh.com – 3/29/10 – “It may not have looked different to bank customers, but an automated teller machine at a Daytona Beach bank was rigged to steal debit card information from customers."
Man Caught On Camera Installing ATM Skimmer – www.wftv.com – 3/29/10 – “A Bank of America ATM was rigged by a thief with a skimming device on it and the subtle differences are things you’d never notice. The device could read every ATM card that went into the machine and also record people's PIN numbers."
Fifth Third Banks Charts New Security Course – www.americanbanker.com – 3/29/10 – “Man-in-the-middle attacks and other assaults on the browser are becoming more common and pose a challenge to the whole banking industry, says Joe Bernik, chief information security officer at Cincinnati-based Fifth Third Bank."
Data-Theft Ring Targeted Wet Seal, But No Card Information Stolen – www.paymentssource.com – 3/29/10 – “Retailer The Wet Seal Inc. acknowledged March 29 it was one of several retailers targeted by a card data-theft ring involving Albert Gonzalez, the hacker a U.S. District Court in Massachusetts sentenced last week for his role in stealing consumer card and financial information from a string of companies."
Skimmer found at Reading cash point – www.readingchronicle.co.uk – 3/29/10 – “BANK customers are being urged to be on their guard after a skimming machine was found at a Reading cash machine."
80% of Retailers believe E2E Encryption is very important in protecting customer information – retailpayments.blogspot.com – 3/29/10 – “Retail Systems Research recently published “Building Trust and Growing the Brand: The Role of Privacy and Security in Retail 2010.” (March 2010)."
QSA's Recommend End to End Encryption for Cardholder Data Protection – retailpayments.blogspot.com – 3/29/10 – “The Ponemon Institute recently published a study on PCI Compliance titled “PCI DSS Trends 2010: QSA Insights Report.” Published in March 2010, the study surveyed 155 QSAs worldwide to their opinions on PCI Compliance, PCI Compliance Costs, and encryption technology."
Visa launches Southeast Asia’s first mobile-based one-time password for online shopping – www.thaipr.net – 3/29/10 – “Visa cardholders in Thailand are the first in Southeast Asia to be able to use a mobile phone based one-time password to authenticate themselves when they use their Visa card for purchases over the internet."
ID theft hits 3.3 million college students – www.startribune.com – 3/27/10 – “Thieves stole computer data from Oakdale-based ECMC getting sensitive information about federal student loans. It is believed to be one of the biggest U.S. cases of student identity theft."
Local industry keen to mirror UK’s data breach fines – www.securecomputing.net.au – 3/26/10 – “Australia should follow Britain's lead in heavily fining organisations for serious data losses, according to security industry figures discussing the development with iTnews. "
Thieves Use Skimmer To Take $50,000 From ATM Customers – www.wlwt.com – 3/26/10 – “Norwood police are looking for the men who used an ATM skimmer to steal money from dozens of bank accounts."
Durham cops help crack 'sophisticated' ATM fraud ring – newsdurhamregion.com – 3/26/10 – “One Durham Region resident is among six people charged in connection with a sophisticated debit card fraud ring that had the potential to bilk banks out of millions of dollars."
ATM skimmer found at Buranda – south-east-advertiser.whereilive.com.au – 3/26/10 – “Police have warned southside ATM users to be vigilant after a card skimmer was discovered attached to a cash machine at a Buranda shopping centre yesterday.”
Gonzalez Lawyers, Judges Debate Data Breach Costs – storefrontbacktalk.com/ – 3/25/10 – “When two Boston-based federal judges sentence Albert Gonzalez Thursday (March 25) and Friday (March 26) for a rash of retail cyber-break-ins that he confessed to orchestrating, the exact sentence may be academic.”
Heartland Preps for Its Big End-to-End Encryption Rollout – www.digitaltransactions.net – 3/25/10 – “Merchant acquirer Heartland Payment Systems Inc.’s sales force will begin selling the company’s new end-to-end encryption system in the second quarter following testing that began last June, the company says.”
Visa to chop old-style credit cards – www.stuff.co.nz – 3/24/10 – “Visa will move to chip cards for all its credit cards from next month, with the days of signing for purchases to end in 2012."
New ICO penalties change the data security playing field– www.infosecurity-magazine.com – 3/24/10 – “As Infosecurity readers may be aware, on April 6, the ballgame for data security in the UK changes because, as from that date, the Information Commissioners' Office (ICO) has the power to fine organisations up to 500,000 pounds - up from 5,000 pounds previously - for serious data leaks or losses.”
Law Enforcement Appliance Subverts SSL – www.wired.com – 3/24/10 – “That little lock on your browser window indicating you are communicating securely with your bank or e-mail account may not always mean what you think its means."
The Spy in the Middle – www.crypto.com – 3/24/10 – “A decade ago, I observed that commercial certificate authorities protect you from anyone from whom they are unwilling to take money. That turns out to be wrong; they don't even do that much."
TJX Hacker Paid $75K As Secret Service Informant – www.crn.com – 3/24/10 – “Notorious Miami hacker Albert Gonzalez was being paid $75,000 a year by the U.S. Secret Service to work as an undercover informant at the time he spearheaded the TJX hack in 2007, CNN reports.”
Thousands of dollars taken from bank accounts linked to ATM card skimmer – www.washingtonpost.com/ – 3/24/10 – “Thousands of dollars in unauthorized withdrawals were made from bank accounts in the Washington area after a skimming device was attached to an ATM in Alexandria, authorities said.”
Card-skimmer suspect still at large, cops say – www.recordonline.com – 3/24/10 – “Stealing other people's private ATM or credit card numbers does not require a computer science degree.”
New Washington Law Protects Credit Unions In Data Breaches – www.paymentssource.com – 3/24/10 – “A new law signed by Gov. Christine Gregoire Monday will lift some of the burdens on credit unions for reissuing credit cards in data breaches by making the offending parties liable.”
Fifth Third Data Breach Means New Debit Cards – www.wcpo.com – 3/24/10 – “Another week, another data breach affecting some Cincinnati area bank customers. This time, however, it's not PNC/National City customers affected, but rather some customers of Fifth Third bank.”
Eight Electronic Skimmers Found at Richfield Gas Stations – www.kcsg.com – 3/24/10 – “Two people were arrested Friday when identity theft took a high tech turn in Richfield. Electronic credit card skimming devices were found in two gas stations in Richfield on March 17.”
Utah police arrest suspected ATM skimmers; may be related to Reno-Sparks cases – www.rgj.com – 3/24/10 – “A Utah police department has arrested two men on charges they illegally hooked up devices to gas station pumps to collect ATM personal identification numbers from unsuspecting customers there.”
22 Banking Breaches So Far in 2010 – www.bankinfosecurity.com – 3/23/10 – “There have been 173 reported data breaches so far in 2010, and 22 of these involve financial services companies.
PCI Compliance Thought Leader Q&A: Dr. Anton Chuvakin – blog.elementps.com – 3/22/10 – “This month we’ve interviewed PCI Compliance Thought Leader Dr. Anton Chuvakipci compliance bookn, a recognized security expert in the field of log management and PCI DSS compliance.”
First Data's composite security system - a game changer? – www.greensheet.com – 3/22/10 – “Processing giant First Data Corp. recently launched a pilot security program to guard merchant POS systems, and the company hopes it will become a benchmark in the fight against data theft.”
Event Information: ETA Trustwave Webinar: Global Security Report 2010 – www.trustwave.com – 3/22/10 – “The Electronic Transactions Association and Trustwave invite you to attend a complimentary interactive webinar titled, Global Security Report 2010: Statistics and Trends.”
OIA worker accused of skimming money from parking-garage customers – www.orlandosentinel.com – 3/20/10 – “An Orlando International Airport toll-booth worker has been accused of defrauding people who paid for parking with their credit cards.”
N.B. arrests put spotlight on attempts to stamp out identity theft, fraud – timestranscript.canadaeast.com – 3/20/10 – “No matter how crafty criminals get in their attempts to steal banking information from consumers, Canada's banks are trying just as hard to thwart them.”
Suspected card skimming scam in Darwin – www.abc.net.au – 3/19/10 – “A Darwin woman says $2000 has been stolen from her bank account after a suspected card skimming incident at a Commonwe